it is just that ERB::Util includes an 'h' method
so it is:
<%=h blBLA%>
oh, you even get a #u method 
il Mon, 26 Jul 2004 13:39:28 +0900, Jamis Buck <jgb3@email.byu.edu> ha scritto::
dominic sisneros wrote:
If you include ERB::Util then it includes html escape. Use it in your
templates like this<%h= puts "Some text with <characters>" %>
Could you give a longer example? I tried the following and didn't get
what I expected...
Sorry, I tried to do it from memory and got the format juxtaposed.
Instead of <%h= "something with <xml> %>
should be <%=h "something with <xml> %>
Ahh, great stuff! I've instantly included ERB::Util with the ERbTemplate class, so now all templates written for the Action Pack can enjoy this easier way of escaping. Thanks Dominic. And thanks Andreas for the push back that led to this "discovery" :). The fix is in the CVS. (If you want to run Rails in CVS, bleeding edge mode, checkout Ruby on Rails — A web-app framework that includes everything needed to create database-backed web applications according to the Model-View-Controller (MVC) pattern.).
--
David Heinemeier Hansson,
http://www.rubyonrails.org/ -- Web-application framework for Ruby
http://www.instiki.org/ -- A No-Step-Three Wiki in Ruby
http://www.basecamphq.com/ -- Web-based Project Management
http://www.loudthinking.com/ -- Broadcasting Brain
http://www.nextangle.com/ -- Development & Consulting Services