input class='xxx' value==params[:account]

To insert something verbatim use the raw helper rather than calling html_safe:
<%= raw @cms.current_template %> <%# inserts @cms.current_template as is %>
or, equivalently, use <%==:
<%== @cms.current_template %> <%# inserts @cms.current_template as is %>

input class='xxx' value=raw(params[:account])

This method outputs without escaping a string. Since escaping tags is now default, this can be used when you don't want Rails to automatically escape tags. This is not recommended if the data is coming from the user's input.

input class='xxx' value=params[:account]

# File actionview/lib/action_view/helpers/output_safety_helper.rb, line 16
def raw(stringish)
 stringish.to_s.html_safe
end

It will be inserted into HTML with no additional escaping performed. It is your responsibilty to ensure that the string contains no malicious content. This method is equivalent to the raw helper in views.

input class='xxx' value==params[:account]
input class='xxx' value=raw(params[:account])
input class='xxx' value=params[:account].html_safe

It is recommended that you use sanitize instead of this method(html_safe).
(#sanitize)Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted.