What is the meaning of “h” in “<%=h [ …] %>”?

Question

When I generate a default scaffold, the display tags on show.html.erb have

<%=h @broker.name %>

I know the difference between &

Answer 1

<%=h is actually 2 things happening. You're opening an erb tag (<%=) and calling the Rails method h to escape all symbols.

These two calls are equivalent:

<%=h person.first_name %>
<%= h(person.first_name) %>

The h method is commonly used to escape HTML and Javascript from user-input forms.