So far according to my googling, escape
was part of js and is deprecated and use encodeURI instead. But what about the <%=
tag for ejs to escape variables? Are their effect is identical to a variable's JSON content?
<%=
escapes the data so it is suitable for inserting into an HTML document.
encodeURI
escapes data so it is suitable for inserting into a URL.
They are completely different because they are targeting different output formats.