Why do we use EJS?
EJS (Embedded JavaScript) is a popular templating engine for Node.js applications. It allows you to embed JavaScript code directly into HTML templates, making it easier to generate dynamic content. However, when rendering user-generated data, precautions must be taken to prevent XSS attacks.
Example:
let username = ajeet
let greet = `hello ${username}`
How to Escape HTML in NodeJS EJS View ?
When working with web applications in Node.js using the EJS templating engine, it’s important to ensure that user-generated content containing HTML is rendered safely. Otherwise, it can lead to security vulnerabilities such as cross-site scripting (XSS) attacks.