What is the meaning of "h" in "<%=h [ ...] %>"?
HTML escape. It's a method that converts things like < and > into numerical character references so that rendering won't break your HTML.
<%=h is actually 2 things happening. You're opening an erb tag (<%=) and calling the Rails method h to escape all symbols.
These two calls are equivalent:
<%=h person.first_name %>
<%= h(person.first_name) %>
The h method is commonly used to escape HTML and JavaScript from user-input forms.
h is a method alias for html_escape from the ERB::Util class.
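The behaviour the answers above describe, as an added example that is not code from any of the answers: the same template rendered with and without h, using Ruby's standard-library ERB (which does not escape on its own). Person, ProfileView and the sample input are constructed for illustration.

```ruby
require "erb"

# Constructed stand-in for a record whose field came from a user-input form.
Person = Struct.new(:first_name)

class ProfileView
  include ERB::Util # brings in html_escape and its alias h

  # Identical templates except for the call to h.
  RAW_TEMPLATE     = ERB.new("<p>Hello, <%= person.first_name %></p>")
  ESCAPED_TEMPLATE = ERB.new("<p>Hello, <%=h person.first_name %></p>")

  attr_reader :person

  def initialize(person)
    @person = person
  end

  # Inserts the value as-is: markup in the value becomes markup in the page.
  def render_raw
    RAW_TEMPLATE.result(binding)
  end

  # Passes the value through h first: markup in the value is shown as text.
  def render_escaped
    ESCAPED_TEMPLATE.result(binding)
  end
end

# The five characters html_escape rewrites, and what each becomes.
def escape_table
  ["&", "<", ">", '"', "'"].to_h { |c| [c, ERB::Util.html_escape(c)] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input.
  view = ProfileView.new(Person.new('<script>alert("x")</script>'))
  puts "raw:     #{view.render_raw}"
  puts "escaped: #{view.render_escaped}"
  escape_table.each { |char, entity| puts "#{char.inspect} -> #{entity}" }
end
```
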