When I generate a default scaffold, the display tags on show.html.erb have
<%=h @broker.name %>
I know the difference between <% and <%=. What's the "h" do?
html escape. It's a method that converts things like < and > into numerical character references so that rendering won't break your html.