If you’re using Haml templates, instead of ERB, strings are automatically escaped in the same way as in ERB templates. Also like in ERB templates, HTML-safe strings (string.html_safe? returns true) won’t be escaped automatically. The != notation in Haml works like <%= raw(…) %> in ERB, so it will render the unescaped version.
By default,
= "<em>emphasized</em>" != "<em>emphasized</em>"
compiles to:
<em>emphasized</em> <em>emphasized</em>
So take care when using != in Haml, make sure no user data will be rendered unescaped.
