I'm using EJS with a Node.js web server I'm building. I see many EJS examples that sometimes use <%= when outputting HTML or strings, while other examples
The version of EJS you're likely using in Node is not the same as the version you see on Google code; in the Node version, <%= escapes the HTML going into the buffer, while <%- does not. (source)
With <%=, if you render a variable that holds a string containing HTML code, it would not render that HTML code but render it as text, to avoid cross-site scripting attacks.
With a minus (<%-) you can avoid this, and really render the HTML code.
<%= param %> is used to transfer data from view to controller and vice versa, while <%- %> is to include other code
For my project is
From http://ejs.co/:
<% 'Scriptlet' tag, for control-flow, no output
<%= Outputs the value into the template (HTML escaped)
<%- Outputs the unescaped value into the template
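
The escaped and unescaped behaviour quoted from ejs.co above, shown as an added example that is not part of the original thread and is not EJS's own code. `renderMini`, `escapeHtml` and `findRawOutputs` are hypothetical helpers that mimic only the two output tags for plain variable names, and the sample strings are constructed.

```javascript
// Simplified stand-in for EJS's two output tags (NOT the EJS implementation).
// Assumption: the entity spellings below are this example's choice.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&#34;', "'": '&#39;' };

// What an escaping output tag does to a value before it reaches the page.
function escapeHtml(value) {
  if (value == null) return ''; // null/undefined render as an empty string
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Handles `<%= name %>` (escaped) and `<%- name %>` (raw) only;
// scriptlet tags (`<% ... %>`) are out of scope for this sketch.
function renderMini(template, data) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (match, kind, name) => {
    const value = data[name];
    if (kind === '=') return escapeHtml(value);
    return value == null ? '' : String(value); // raw: inserted byte for byte
  });
}

// Review aid: list every variable a template emits without escaping,
// so each one can be checked against where its value comes from.
function findRawOutputs(template) {
  return [...template.matchAll(/<%-\s*(\w+)\s*%>/g)].map((m) => m[1]);
}

// Constructed sample: a comment field as submitted by an untrusted user.
const untrusted = '<script>alert("xss")</script>';
// Constructed sample: markup generated by the application itself.
const trustedPartial = '<footer>&copy; Example</footer>';

const template = '<p><%= comment %></p>\n<div><%- comment %></div>\n<%- footer %>';
const html = renderMini(template, { comment: untrusted, footer: trustedPartial });

console.log(html);
console.log('raw outputs to review:', findRawOutputs(template));
```

In the output, the first line shows the comment as inert text, the second line carries a live script element, and the audit list flags `comment` as a raw output fed by user input.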