html_escape and escape_javascript in Rails

ERB::Util
activesupport/lib/active_support/core_ext/string/output_safety.rb

html_escape(s)

A utility method for escaping HTML tag characters. This method is also aliased as h.

In your ERB templates, use this method to escape any unsafe content. For example:

```erb
<%= h @person.name %>
```

Example:

```ruby
puts html_escape("is a > 0 & a < 10?")
# => is a &gt; 0 &amp; a &lt; 10?
```

Also aliased as: h

Source:

```ruby
# File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 18
def html_escape(s)
  s = s.to_s
  if s.html_safe?
    # Already marked safe: return unchanged so it is not escaped twice.
    s
  else
    s.gsub(/&/, "&amp;").gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
  end
end
```

ActionView::Helpers::JavaScriptHelper
actionpack/lib/action_view/helpers/javascript_helper.rb

escape_javascript(javascript)

Escape carriage returns and single and double quotes for JavaScript segments. Also available through the alias j(). This is particularly helpful in JavaScript responses, like:

```erb
$('some_element').replaceWith('<%=j render 'some/element_template' %>');
```

Also aliased as: j

Source:

```ruby
# File actionpack/lib/action_view/helpers/javascript_helper.rb, line 19
def escape_javascript(javascript)
  if javascript
    # Replace backslashes, "</", line breaks and both quote characters.
    result = javascript.gsub(/(\\|<\/|\r\n|[\n\r"'])/) { |match| JS_ESCAPE_MAP[match] }
    javascript.html_safe? ? result.html_safe : result
  else
    ''
  end
end
```
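
The two helpers protect different output contexts and are not interchangeable. The following added example (not part of the Rails source or of the original page) re-implements both as quoted above in plain Ruby and reports the contexts in which each result could still break out. The names page_html_escape, page_escape_javascript, JS_ESCAPE_MAP_ASSUMED, BREAKS_OUT and unsafe_contexts are hypothetical, and the map contents are an assumption because the page only references JS_ESCAPE_MAP by name.

```ruby
# Added example: stand-alone copies of the two helpers, no Rails needed.
# The html_safe bookkeeping of the real methods is left out.

# The four substitutions from the html_escape source quoted above.
def page_html_escape(s)
  s.to_s.gsub(/&/, "&amp;").gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
end

# Assumed contents of JS_ESCAPE_MAP; the page names the constant only.
JS_ESCAPE_MAP_ASSUMED = {
  '\\' => '\\\\', '</' => '<\/', "\r\n" => '\n', "\n" => '\n',
  "\r" => '\n', '"' => '\\"', "'" => "\\'"
}.freeze

def page_escape_javascript(js)
  return '' unless js
  js.gsub(/(\\|<\/|\r\n|[\n\r"'])/) { |m| JS_ESCAPE_MAP_ASSUMED[m] }
end

# What must NOT appear in escaped output for it to stay inside each context.
BREAKS_OUT = {
  html_text:          /</,
  attr_double_quoted: /"/,
  attr_single_quoted: /'/,
  # a quote not preceded by an odd run of backslashes, a raw newline, or "</"
  js_string:          /(?<!\\)(?:\\\\)*["']|[\r\n]|<\//
}.freeze

# Returns the contexts in which `escaped` can no longer be contained.
def unsafe_contexts(escaped)
  BREAKS_OUT.select { |_ctx, pattern| escaped =~ pattern }.keys
end

# Constructed sample: both quote kinds, a closing tag, a newline, a backslash.
SAMPLE = "It's \"a\" </b>\n\\"

if __FILE__ == $PROGRAM_NAME
  puts "html_escape:       #{unsafe_contexts(page_html_escape(SAMPLE)).inspect}"
  puts "escape_javascript: #{unsafe_contexts(page_escape_javascript(SAMPLE)).inspect}"
end
```

The html_escape quoted on this page leaves the single quote untouched, so its output is only contained in element text and double-quoted attributes; escape_javascript output is only contained inside a JavaScript string literal.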