The tip mentioned at http://www.sinatrarb.com/faq.html#escape_html is not right.
Rack::Utils#escape is doing URI escaping as http://rack.rubyforge.org/doc/classes/Rack/Utils.html#M000082 says.
One could use CGI.escapeHTML instead:
> require 'cgi'
> CGI.escapeHTML('<b>nice try</b>')
=> "<b>nice try</b>"
I also find a same problem and has send a pull request in #73.
@bigwheel Thanks! I will close this then, your solution seems the best.
Thanks for your work on this. I noticed this issue is still visible at http://www.sinatrarb.com/faq.html#escape_html and it tripped me up today. Is there maybe a refresh that can be done for the public web site?
@tedsparc It seems fixed at me, thanks to #73 which was pulled. Rack::Utils#escape_html seems fine to escape HTML (Rack::Utils#escape is doing URI escaping though). Do you still observe alias_method :h, :escape on that page?
alias_method :h, :escape