hescape-ruby 
A gem to use hescape from Ruby, which is fast HTML escape implementation using SSE instructions.
Benchmark
See the result of this benchmark. Followings are the result of:
Benchmark.ips do |x|
str = ENV['ESCAPE_STRING']
puts "escaping: #{str}"
escape_table = { "'" => ''', '&' => '&', '"' => '"', '<' => '<', '>' => '>', }
x.report('gsub') { str.gsub(/['&\"<>]/, escape_table) }
x.report('escape_utils') { EscapeUtils.escape_html(str, false) }
x.report('cgi/escape') { CGI.escapeHTML(str) }
x.report('hescape') { Hescape.escape_html(str) }
x.compare!
end
No escape
escaping: https://github.com/k0kubun/hescape-ruby
Calculating -------------------------------------
gsub 2.392M (Short escape
Note: If given string is short, hescape skips SSE instruction. But it's fast.
escaping: <script />
Calculating -------------------------------------
gsub 586.604k (± 1.8%) i/s - 2.941M in 5.015840s
escape_utils 2.948M (Long escape
escaping: <<<<<<<<<<>>>>>>>>>&&&&&&&&&&""""""'''''
Calculating -------------------------------------
gsub 66.181k (± 0.4%) i/s - 331.968k in 5.016150s
escape_utils 749.600k (± 8.1%) i/s - 3.762M in 5.053210s
cgi/escape 720.474k (± 1.6%) i/s - 3.628M in 5.037395s
hescape 754.412k (± 8.2%) i/s - 3.801M in 5.070904s
Comparison:
hescape: 754411.6 i/s
escape_utils: 749600.4 i/s - same-ish: difference falls within error
cgi/escape: 720473.5 i/s - same-ish: difference falls within error
gsub: 66181.0 i/s - 11.40x slower
Installation
Add this line to your application's Gemfile:
gem 'hescape'
Usage
Hescape.escape_html(%[<>"'&]) #=> "<>"'&"
License
The gem is available as open source under the terms of the MIT License.