Friday, 26 May 2017

How to sanitize input in rails .erb file

I am new to ruby on rails.

I have a .erb file with HTML contents.

<input type="text" name="username" placeholder="enter your username" id="user" value="<%= params["username"] %>" />

My HTML page accepts an input, and when I give it any random input: <img src=x onerror=prompt(1)> it will cause a Cross-site Scripting vulnerability.

Please suggest how to fix this issue. I did some googling and found that html_escape is one option; please suggest how to use it in .erb files.
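As an added example (not part of the question above, and not code from any Rails project), the following stand-alone Ruby script shows what html_escape does to the reported input and how an ERB template that passes the value through `h` (the short name for `ERB::Util.html_escape`, which Rails also exposes as the `h` view helper) differs from one that inserts the value as-is. It uses only Ruby's standard-library `erb`, and assumes the value is available in the template as a local named `username` (in the question it is `params["username"]`). One caveat for the Rails case: from Rails 3 onward, `<%= %>` already escapes its output automatically, and it becomes unescaped only if the string has been marked trusted with `raw` or `html_safe`, so when a Rails view renders such input verbatim, the first thing to check is whether one of those calls is in the path.

```ruby
require 'erb'
include ERB::Util # brings html_escape and its alias h into scope

# Constructed sample input: the same payload the question reports.
ATTACK_INPUT = '<img src=x onerror=prompt(1)>'.freeze

# Template that escapes the value before placing it in the attribute.
# This is the fix for the question's snippet: wrap the value in h(...).
SAFE_TEMPLATE = <<~'ERB'
  <input type="text" name="username" placeholder="enter your username" id="user" value="<%= h(username) %>" />
ERB

# Template that inserts the value verbatim, shown only for comparison.
UNSAFE_TEMPLATE = <<~'ERB'
  <input type="text" name="username" placeholder="enter your username" id="user" value="<%= username %>" />
ERB

# The escaping step on its own: &, <, >, " and ' become HTML entities,
# so the browser treats the text as data, never as markup or attribute
# delimiters.
def escaped_username(username)
  h(username)
end

# Render a template with `username` as the only variable visible to it.
def render_input(template, username)
  ERB.new(template).result(binding)
end

if __FILE__ == $PROGRAM_NAME
  puts 'escaped value : ' + escaped_username(ATTACK_INPUT)
  puts 'safe render   : ' + render_input(SAFE_TEMPLATE, ATTACK_INPUT)
  puts 'unsafe render : ' + render_input(UNSAFE_TEMPLATE, ATTACK_INPUT)
  # Ordinary punctuation is preserved for the user; only its HTML form changes.
  puts 'benign input  : ' + escaped_username(%q{O'Brien "Bob" & co})
end
```

In the safe rendering the `<` and `>` of the input come out as `&lt;` and `&gt;`, so the browser shows the text inside the input box instead of parsing an extra `<img>` element; the unsafe rendering emits the tag unchanged, which is the behaviour the question describes.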
