I think the answer is "it depends".
For JSON, JSON libraries guarantee that when you call `.to_json` you can also call `.parse` on the output and get identical JSON back. So in that sense there's some escaping that works in both directions. That said, YMMV depending on which JSON encoder you're using (default json, oj, etc.) and what each object being rendered does when `.as_json` or `.to_json` is called on it. But that doesn't necessarily mean that if you put HTML into a value of JSON object that it's somehow safe to render on a web page.
You're probably not asking the right question. What is your scenario for using the output of the API? You should sanitize any input before rendering (e.g. with the sanitize gem, or via a renderer such as ERB), and not rely on any API's output to be safe for rendering inline in HTML.
Hope this helps!
cheers
dB.