So far according to my googling, escape was part of js and is deprecated and use encodeURI instead. But what about the <%= tag for ejs to escape variables? Are their effect is identical to a variable's JSON content?
<%= escapes the data so it is suitable for inserting into an HTML document.
encodeURI escapes data so it is suitable for inserting into a URL.
They are completely different because they are targeting different output formats.