Title: _wp_specialchars
Published: April 25, 2014
Last modified: February 24, 2026

---

# _wp_specialchars( string $text, int|string $quote_style = ENT_NOQUOTES, false|string $charset = false, bool $double_encode = false ): string


This function’s access is marked private. This means it is not intended for use 
by plugin or theme developers, only by core. It is listed here for completeness.

Converts a number of special characters into their HTML entities.

## Description

Specifically deals with: `&`, `<`, `>`, `"`, and `'`.

`$quote_style` can be set to ENT_COMPAT to encode `"` to `&quot;`, or ENT_QUOTES
to encode both `"` and `'`. The default is ENT_NOQUOTES, where no quotes are encoded.

## Parameters

`$text` string, required

The text which is to be encoded.

`$quote_style` int|string, optional

Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES,
or none if set to ENT_NOQUOTES. Converts single and double quotes, as well as converting
HTML named entities (that are not also XML named entities) to their code points,
if set to ENT_XML1. Also compatible with old values: converts single quotes if
set to `'single'`, double if set to `'double'`, or both if otherwise set. Default
is ENT_NOQUOTES.

Default: `ENT_NOQUOTES`

`$charset` false|string, optional

The character encoding of the string.

Default: `false`

`$double_encode` bool, optional

Whether to encode existing HTML entities.

Default: `false`
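
The effect of the three quote flags and of `$double_encode`, as an added example that is not WordPress core code: it calls PHP's `htmlspecialchars()` directly, which is the call the function's source ends with, so it runs without WordPress and skips the `wp_kses_normalize_entities()` step. The input string and the `wpdocs_safe_contexts()` helper are constructed for this example.

```php
<?php
// Added example, not WordPress core code. Runs with plain PHP: it calls
// htmlspecialchars() with the same flag values _wp_specialchars() accepts.

// Constructed sample: both quote types, markup, and an existing entity.
$input = 'Tom & "Jerry" <b>it\'s</b> &lt;ok&gt;';

/**
 * Lists the HTML contexts an encoded string can be placed in without
 * ending the context early. Hypothetical helper for this example only.
 */
function wpdocs_safe_contexts( $encoded ) {
	$contexts = array();
	if ( false === strpbrk( $encoded, '<>' ) ) {
		$contexts[] = 'text node';
	}
	if ( false === strpos( $encoded, '"' ) ) {
		$contexts[] = 'attr="..."';
	}
	if ( false === strpos( $encoded, "'" ) ) {
		$contexts[] = "attr='...'";
	}
	return $contexts ? implode( ', ', $contexts ) : 'none';
}

$styles = array(
	'ENT_NOQUOTES' => ENT_NOQUOTES,
	'ENT_COMPAT'   => ENT_COMPAT,
	'ENT_QUOTES'   => ENT_QUOTES,
);

foreach ( $styles as $name => $flag ) {
	foreach ( array( false, true ) as $double_encode ) {
		$out = htmlspecialchars( $input, $flag, 'UTF-8', $double_encode );
		printf(
			"%s, double_encode=%s\n  output: %s\n  safe in: %s\n",
			$name,
			$double_encode ? 'true' : 'false',
			$out,
			wpdocs_safe_contexts( $out )
		);
	}
}
```

Only the ENT_QUOTES output is reported as safe in both attribute forms. With `$double_encode` false the existing `&lt;ok&gt;` is left as it is; with true it becomes `&amp;lt;ok&amp;gt;`.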

## Return

`string` The encoded text with HTML entities.

## Source

```php
function _wp_specialchars( $text, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
	$text = (string) $text;

	if ( 0 === strlen( $text ) ) {
		return '';
	}

	// Don't bother if there are no specialchars - saves some processing.
	if ( ! preg_match( '/[&<>"\']/', $text ) ) {
		return $text;
	}

	// Account for the previous behavior of the function when the $quote_style is not an accepted value.
	if ( empty( $quote_style ) ) {
		$quote_style = ENT_NOQUOTES;
	} elseif ( ENT_XML1 === $quote_style ) {
		$quote_style = ENT_QUOTES | ENT_XML1;
	} elseif ( ! in_array( $quote_style, array( ENT_NOQUOTES, ENT_COMPAT, ENT_QUOTES, 'single', 'double' ), true ) ) {
		$quote_style = ENT_QUOTES;
	}

	$charset = _canonical_charset( $charset ? $charset : get_option( 'blog_charset' ) );

	$_quote_style = $quote_style;

	if ( 'double' === $quote_style ) {
		$quote_style  = ENT_COMPAT;
		$_quote_style = ENT_COMPAT;
	} elseif ( 'single' === $quote_style ) {
		$quote_style = ENT_NOQUOTES;
	}

	if ( ! $double_encode ) {
		/*
		 * Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
		 * This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
		 */
		$text = wp_kses_normalize_entities( $text, ( $quote_style & ENT_XML1 ) ? 'xml' : 'html' );
	}

	$text = htmlspecialchars( $text, $quote_style, $charset, $double_encode );

	// Back-compat.
	if ( 'single' === $_quote_style ) {
		$text = str_replace( "'", '&#039;', $text );
	}

	return $text;
}
```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/formatting.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/formatting.php#L945)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/formatting.php#L945-L993)

## Related

| Uses | Description |
| --- | --- |
| [wp_kses_normalize_entities()](https://developer.wordpress.org/reference/functions/wp_kses_normalize_entities/) `wp-includes/kses.php` | Converts and fixes HTML entities. |
| [_canonical_charset()](https://developer.wordpress.org/reference/functions/_canonical_charset/) `wp-includes/functions.php` | Retrieves a canonical form of the provided charset appropriate for passing to PHP functions such as htmlspecialchars() and charset HTML attributes. |
| [get_option()](https://developer.wordpress.org/reference/functions/get_option/) `wp-includes/option.php` | Retrieves an option value based on an option name. |


| Used by | Description |
| --- | --- |
| [esc_xml()](https://developer.wordpress.org/reference/functions/esc_xml/) `wp-includes/formatting.php` | Escaping for XML blocks. |
| [esc_js()](https://developer.wordpress.org/reference/functions/esc_js/) `wp-includes/formatting.php` | Escapes single quotes, `"`, `<`, `>`, `&`, and fixes line endings. |
| [esc_html()](https://developer.wordpress.org/reference/functions/esc_html/) `wp-includes/formatting.php` | Escaping for HTML blocks. |
| [esc_attr()](https://developer.wordpress.org/reference/functions/esc_attr/) `wp-includes/formatting.php` | Escaping for HTML attributes. |
| [wp_specialchars()](https://developer.wordpress.org/reference/functions/wp_specialchars/) `wp-includes/deprecated.php` | Legacy escaping for HTML blocks. |

## Changelog

| Version | Description |
| --- | --- |
| [5.5.0](https://developer.wordpress.org/reference/since/5.5.0/) | `$quote_style` also accepts `ENT_XML1`. |
| [1.2.2](https://developer.wordpress.org/reference/since/1.2.2/) | Introduced. |

## User Contributed Notes

[Mahdi Yazdani](https://profiles.wordpress.org/mahdiyazdani/), [3 years ago](https://developer.wordpress.org/reference/functions/_wp_specialchars/#comment-6188)

Vote results for this note: -1

Escape JSON for use on HTML or attribute text nodes.

```php
/**
 * Escape JSON for use on HTML or attribute text nodes.
 *
 * @param  string $json JSON to escape.
 * @param  bool   $html True if escaping for HTML text node, false for attributes. Determines how quotes are handled.
 * @return string Escaped JSON.
 */
function wpdocs_esc_json( $json, $html = false ) {
	return _wp_specialchars(
		$json,
		$html ? ENT_NOQUOTES : ENT_QUOTES, // Escape quotes in attribute nodes only.
		'UTF-8',                           // json_encode() outputs UTF-8 (really just ASCII), not the blog's charset.
		true                               // Double escape entities: `&` -> `&amp;`.
	);
}
```
