Handling ampersand & html entities in phoenix forms

I’ve got an HTML form using validations. When the form fails validation, it is sent back to the user so they can fix the error & try again (as in the standard scaffolding generator).

I’m using both Phoenix.HTML.escape_javascript (to put the data as input into some javascript on the pge) as well as a hidden_input field that the data gets inserted to.

When a user puts in “Something & Something” into the field, and validation fails, the server sends back “Something & Something”, and that’s what ends up getting submitted when they re-submit the form.

I’d like to use Phoenix’s great sanitization features but not have my ampersands end up becoming &. Any suggestions?

For reference: I found a solution to my problem. I was passing the form data through a javascript helper & escaping the data using Phoenix.HTML.escape_javascript(). My EEx was something like:

"<%= Phoenix.HTML.escape_javascript("a string & thing") %>"

I changed it to:
"<%= raw Phoenix.HTML.escape_javascript("a string & thing") %>"

Which seems to have worked. I think/hope that it’s still “safe” because of the javascript escaping.