GitHub

Html-entities lets you encode and decode entities in HTML.

You can make it a different set of characters by providing the encode-entities function with a regex. Only matching characters will be encoded: ;; only encode ...
findnerd.com

raw vs. html_safe vs. h to unescape html

Rails has a nice way to protect yourself from CSRF attacks through threatening HTML encoding from anything you write between <%= %>. But there is a caution, you want to render HTML from string so you ...