Rails doesn’t automatically convert newline (“\n”) characters in strings to line breaks (“<br>”).
<%= h @user.address %>
Manually replacing the \n with <br> without using h will make your site vulnerable to XSS attacks. The proper approach would be to convert the line breaks after h. Note that Rails already has a method, simple_format, that converts line breaks.
<%= simple_format(h @user.address) %>
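The ordering issue described above, as an added example that is not from the original post. It runs outside Rails using ERB::Util.html_escape (the standard-library method behind h); the helper names and the sample address are constructed for illustration.

```ruby
require 'erb'

# Constructed sample input: a multi-line address (CRLF, as a browser textarea
# submits it) where one line contains markup.
ADDRESS = "1 Main St\r\n<script>alert(1)</script>\r\nSpringfield"

NEWLINE = /\r\n?|\n/

# Vulnerable: newlines become <br>, but the user's own markup is passed
# through to the page unescaped.
def br_without_escape(text)
  text.gsub(NEWLINE, "<br>")
end

# Safe but broken: escaping after the conversion also escapes the <br> tags
# we just inserted, so the page shows the literal text "<br>".
def escape_after_br(text)
  ERB::Util.html_escape(text.gsub(NEWLINE, "<br>"))
end

# The order the text recommends: escape first (what h does), then insert the
# <br> tags, so the only live markup in the result is our own.
def br_after_escape(text)
  ERB::Util.html_escape(text).gsub(NEWLINE, "<br>")
end

if __FILE__ == $PROGRAM_NAME
  puts "no escape:     #{br_without_escape(ADDRESS)}"
  puts "escape last:   #{escape_after_br(ADDRESS)}"
  puts "escape first:  #{br_after_escape(ADDRESS)}"
end
```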