
Escape Javascript when rendering a html.erb partial from within a controller

I am wondering whether the following scenario is a security risk (XSS).

In one of my controllers I respond to a Javascript request with:

format.js { render :partial => "myobjects" }

The myobjects partial (_myobjects.html.erb) is an HTML partial (that is also used by some templates) where stuff from the database is inserted. With jQuery I now do the following Ajax request to get the content of myobjects and replace something on the site:

$.get(this.href, function(data) {
  $("#myelement").html(data);
}, "script");

I ask myself now if this is secure.

  • Do I need to explicitly do some escaping on the myobjects partial when it is used in Ajax request like above?
  • Do I have to do that manually inside the partial? Or can I somehow tell that render method to do this?
  • Would adding an escape_javascript call inside the partial somehow interfere when using the same partial in a normal html.erb template?


I thought it was more complicated than it really is. All stuff using <%= %> is secure by default (as HTML tags are automatically escaped in Rails >= 3). And so the above scenario is also no risk, as the database content is inserted that way into the partial.

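As an added example (not code from the question, the answer or the Rails project): a stand-alone Ruby script using stdlib ERB that renders the same kind of partial once without escaping and once with h (ERB::Util.html_escape, the escaping that Rails' <%= %> applies automatically in ActionView). Stdlib ERB does not auto-escape, which is why the unescaped variant can be shown side by side with the escaped one. It also uses JSON.generate as a stand-in for j / escape_javascript to illustrate the separate JavaScript-string-context concern behind the third question. The template markup, the PartialRenderer class and the sample "database" value are all constructed for this example.

```ruby
require "erb"
require "json"

# Constructed sample "database content" carrying an XSS payload (made up for
# this example, not taken from the question).
UNTRUSTED_NAME = %q{<img src=x onerror="alert(1)">}

# Minimal stand-in for the view context that renders _myobjects.html.erb.
# Unlike Rails' ActionView, stdlib ERB does NOT escape <%= %> automatically,
# so the two templates below make the difference between "inserted as-is" and
# "HTML-escaped" visible. h() is ERB::Util.html_escape, the same helper Rails
# exposes as h / html_escape.
class PartialRenderer
  include ERB::Util

  def initialize(name)
    @name = name
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# What the partial would produce if the database value were not escaped.
def render_unescaped(name)
  PartialRenderer.new(name).render(%{<li class="myobject"><%= @name %></li>\n})
end

# What Rails' auto-escaping <%= %> (or an explicit h()) produces instead.
def render_escaped(name)
  PartialRenderer.new(name).render(%{<li class="myobject"><%= h(@name) %></li>\n})
end

# Crude indicator used by the checks below: a raw tag surviving in the output
# means the value reached the browser as markup rather than as text.
def contains_live_tag?(html)
  html.match?(/<img\b/i)
end

# A separate concern from HTML escaping: if the rendered partial were embedded
# inside a JavaScript string literal (a .js.erb response such as
#   $("#myelement").html("<%= j render("myobjects") %>");
# ), the markup's own quotes and newlines would terminate the literal. Rails
# uses escape_javascript / j for that; here JSON.generate is used instead to
# produce a valid JS string literal without reimplementing that helper.
# In the question's setup (raw HTML body inserted via .html(data)) there is no
# JS string context, so no such escaping is needed there.
def as_js_string_literal(html)
  JSON.generate(html)
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped:  #{render_unescaped(UNTRUSTED_NAME)}"
  puts "escaped:    #{render_escaped(UNTRUSTED_NAME)}"
  puts "js literal: #{as_js_string_literal(render_escaped(UNTRUSTED_NAME))}"
end
```

Running it shows the payload surviving as a live <img> tag in the unescaped rendering and arriving as inert text (&lt;img ...&gt;) in the escaped one; the JSON.generate line shows the quotes and the trailing newline of the partial's own markup escaped so that the whole fragment fits inside one JavaScript string literal.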