As @nmeylan pointed that calling Post.all in view is not a good practice.
I would use @posts as example below. You could try:
<%= @posts.map { |p| content_tag :div, h(p.title) }.join.html_safe %>
Since rails 4 escape HTML by default, you have to call html_safe
or raw
. But it seems like p.title is a user input, so it has to be escaped.