HTML.ERB is an HTML template with embedded Ruby: ordinary HTML tags, with Ruby code inserted between ERB tags. All of Ruby is available inside the template alongside the HTML.
The syntax for embedding Ruby in HTML is as follows:
<% %>    # executes the Ruby code
<%= %>   # executes the Ruby code and displays the result
<ul>
<% @products.each do |p| %>
  <li><%= p.name %></li>
<% end %>
</ul>
The output of anything inside <%= %> tags is copied directly into the HTML output stream. To guard against HTML injection, pass the value through the h() helper (an alias for html_escape) so that the output is HTML-escaped.
For example:
<%=h @user_entered_notes %>
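The product list and the h() escaping above, rendered end to end with Ruby's standard-library ERB, as an added example that is not part of the original page. ProductView, PRODUCTS and the product names are constructed for this illustration; h() comes from ERB::Util, which is what the Rails helper is built on. The same template is rendered once without and once with h(), so the difference in the output stream is visible:

```ruby
require "erb"

# Constructed sample input standing in for the page's @products
# (hypothetical values, not from the original page). The second name
# contains markup characters that must not reach the browser verbatim.
Product = Struct.new(:name)
PRODUCTS = [
  Product.new("Widget"),
  Product.new("Tom & Jerry <b>Deluxe</b>")
].freeze

# A minimal view object. ERB::Util supplies h() / html_escape, which
# replace &, <, >, " and ' with HTML entities.
class ProductView
  include ERB::Util

  def initialize(products)
    @products = products
  end

  # Unescaped rendering: whatever is in a product name lands in the
  # HTML stream as-is, so "<b>" becomes a real tag.
  def render_unescaped
    render(<<~TEMPLATE)
      <ul>
      <% @products.each do |p| %>
      <li><%= p.name %></li>
      <% end %>
      </ul>
    TEMPLATE
  end

  # Escaped rendering: h() entity-encodes the name, so the browser
  # displays the characters as text instead of interpreting them.
  def render_escaped
    render(<<~TEMPLATE)
      <ul>
      <% @products.each do |p| %>
      <li><%= h p.name %></li>
      <% end %>
      </ul>
    TEMPLATE
  end

  private

  # trim_mode "<>" drops the newline after lines that consist only of
  # an ERB tag, so the loop scaffolding leaves no blank lines behind.
  def render(template)
    ERB.new(template, trim_mode: "<>").result(binding)
  end
end

if $PROGRAM_NAME == __FILE__
  view = ProductView.new(PRODUCTS)
  puts view.render_unescaped
  puts view.render_escaped
end
```

In the unescaped output the second list item is `<li>Tom & Jerry <b>Deluxe</b></li>`; in the escaped output it is `<li>Tom &amp; Jerry &lt;b&gt;Deluxe&lt;/b&gt;</li>`. Note that Rails 3 and later escape `<%= %>` output by default, so there h() only matters for strings that have been marked html_safe (for example via raw); the plain ERB shown here has no such default, which is why the explicit h() is the check to look for when reviewing templates.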
Please check the following link on XML Builder.