
Basic Syntax

The three tags: output, escape, and raw.

The Three Main Tags

EJS has three main tags you'll use constantly. Let's break them down so you know exactly when to use each one.

First up is the output tag with escaping: <%=. This outputs the value and escapes HTML characters for safety.

User input: <%= userInput %>

If userInput contains <script>, the tag is escaped so the browser shows it as literal text instead of running it as markup. Always use this for user-provided content.

Raw Output

Sometimes you need to output raw HTML without escaping. That's what <%- is for:

<%- htmlContent %>

Be careful with this one. Only use it for content you trust, such as HTML your own code produced, and never for anything a user supplied. XSS vulnerabilities are no joke.


Comments

Need to leave notes in your templates? Use <%# for comments:

<%# This is a comment that won't appear in the output %>

Comments are stripped out during rendering. They're just for you and other developers reading the template.
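To see the difference between the three tags on a hostile value, here is an added example (not EJS's own code, and not from this page's author): a deliberately tiny EJS-style renderer that understands only <%= %>, <%- %> and <%# %>, looks variables up by name instead of evaluating JavaScript expressions, and runs the same injected string through the escaped and the raw tag. The variable name `name`, the `render` and `escapeHtml` helpers and the sample input are all constructed for the example.

```javascript
// Added illustration of the escaped/raw/comment tags; a simplification, not EJS itself.

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Render `template` against `data`. A tag body is treated as a plain key of
// `data`; real EJS evaluates arbitrary expressions, which this toy does not.
function render(template, data) {
  const tagPattern = /<%([=\-#])\s*([\s\S]*?)\s*%>/g;
  return template.replace(tagPattern, (match, kind, body) => {
    if (kind === '#') return '';              // comment: nothing reaches the output
    if (!(body in data)) throw new Error(`unknown variable: ${body}`);
    const value = data[body];
    return kind === '=' ? escapeHtml(value)   // <%= escapes
                        : String(value);      // <%- passes the markup through
  });
}

// Constructed sample: a "name" that is really a script injection attempt.
const hostileName = '<script>alert("xss")</script>';

// <%= : the tag is neutralised and shows up as text in the page.
function escapedDemo() {
  return render('<p>Hello, <%= name %>!</p>', { name: hostileName });
}

// <%- : the script element survives intact, i.e. the XSS hole the text warns about.
function rawDemo() {
  return render('<p>Hello, <%- name %>!</p>', { name: hostileName });
}

// <%# : the comment body is dropped entirely.
function commentDemo() {
  return render('<p><%# reviewers: check wording %>visible</p>', {});
}

console.log(escapedDemo()); // <p>Hello, &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;!</p>
console.log(rawDemo());     // <p>Hello, <script>alert("xss")</script>!</p>
console.log(commentDemo()); // <p>visible</p>
```

The only line that differs between the two demos is the tag character after `<%`, which is the whole point: the choice between `=` and `-` is a security decision, so a code review of templates should treat every `<%-` as needing a justification for where its value comes from.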

Literal Percent Signs

What if you need a literal %> in your output? EJS has you covered with the escaped version:

100% complete

That <%% outputs a literal percent sign. Handy when you're dealing with percentages or similar content.