author avatar

ashwanikumarjha

Thu Jun 20 2024

EJS, the templating engine for JavaScript, allows us to generate HTML markup with plain JavaScript.

By default, EJS escapes any HTML entities in the output to prevent issues such as cross-site scripting. This is done by replacing characters like <, >, &, and " with their respective HTML entity codes.

For example:



- `&` is replaced with `&`
- `<` is replaced with `<`
- `>` is replaced with `>`
- `"` or `'` (double or single quote) is replaced with `&quot;` or `&#39;` respectively.


Unescape HTML entities with <%- %>

If we want EJS to output our data without escaping HTML entities, replace <%= %> with <%- %>. This instructs EJS to render the data as unescaped.