Methods
H
J
Constants
HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
Class Public methods
h(s)

Alias for html_escape

html_escape(s)

A utility method for escaping HTML tag characters. This method is also aliased as h.

In your ERB templates, use this method to escape any unsafe content. For example: 

  <%=h @person.name %>

Example:

  puts html_escape("is a > 0 & a < 10?")
  # => is a &gt; 0 &amp; a &lt; 10?
This method is also aliased as h

Source: show | on GitHub 

    # File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 20
20:       def html_escape(s)
21:         s = s.to_s
22:         if s.html_safe?
23:           s
24:         else
25:           s.encode(s.encoding, :xml => :attr)[1...-1].html_safe
26:         end
27:       end
j(s)

Alias for json_escape

json_escape(s)

A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals: 

  json_escape("is a > 0 & a < 10?")
  # => is a \u003E 0 \u0026 a \u003C 10?

Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed: 

  json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
  # => {name:john,created_at:2010-04-28T01:39:31Z,id:1}

This method is also aliased as j, and available as a helper in Rails templates: 

  <%=j @person.to_json %>
This method is also aliased as j

Source: show | on GitHub 

    # File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 65
65:     def json_escape(s)
66:       result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
67:       s.html_safe? ? result.html_safe : result
68:     end