Safety When using Blueprint all content and attribute values passed to elements and components are escaped. ExamplePage Output class ExamplePage include Blueprint::HTML private def blueprint span { "<script>alert('hello')</script>" } input(class: "some-class\" onblur=\"alert('Attribute')") end end <span><script>alert('hello')</script></span> <input class="some-class" onblur="alert('Attribute')">