Problem:

Rails doesn't automatically convert newline ("\n") characters in strings to line breaks ("<br>") with h.

<%= h @user.address %>

Solution:

Manually replacing the \n with <br> without using h will make your site vulnerable to XSS attacks, because the rest of the user-supplied string is emitted unescaped along with the <br> tags. The proper approach is to convert the line breaks after h, so that only the <br> tags you inserted are left unescaped. Note that Rails already has a method, simple_format, that converts line breaks.

<%= simple_format(h @user.address) %>
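The order of the two steps is what decides whether the output is safe. The following is an added example, not code from the original post: it uses Ruby's ERB::Util.html_escape (the escaping behind Rails' h) with a hypothetical helper standing in for simple_format, and a constructed address string containing a script tag.

```ruby
require "erb"

# Constructed sample input: a multi-line address with an injected tag.
SAMPLE_ADDRESS = "1 Main St\n<script>alert(1)</script>\nSpringfield"

# Vulnerable: converting newlines to <br> on the raw string and emitting
# it without h leaves attacker-controlled markup intact.
def newlines_to_br_unescaped(text)
  text.gsub("\n", "<br>")
end

# Safe: escape first (ERB::Util.html_escape is what Rails' h uses),
# then insert the line breaks into the already-escaped text.
# Hypothetical helper standing in for simple_format(h text); not Rails' own.
def newlines_to_br_escaped(text)
  ERB::Util.html_escape(text).gsub("\n", "<br>")
end

# Also wrong, in the other direction: escaping after the <br> insertion
# escapes the <br> tags themselves, so the page shows literal "<br>" text.
def br_then_escape(text)
  ERB::Util.html_escape(newlines_to_br_unescaped(text))
end

if __FILE__ == $0
  puts newlines_to_br_unescaped(SAMPLE_ADDRESS) # script tag survives
  puts newlines_to_br_escaped(SAMPLE_ADDRESS)   # script tag neutralised, breaks kept
  puts br_then_escape(SAMPLE_ADDRESS)           # breaks lost
end
```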