esc_attr( string $text )

Escaping for HTML attributes.


Description Description


Parameters Parameters

$text

(string) (Required)


Top ↑

Return Return

(string)


Top ↑

Source Source

File: wp-includes/formatting.php

function esc_attr( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
	/**
	 * Filter a string cleaned and escaped for output in an HTML attribute.
	 *
	 * Text passed to esc_attr() is stripped of invalid or special characters
	 * before output.
	 *
	 * @since 2.0.6
	 *
	 * @param string $safe_text The text after it has been escaped.
 	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'attribute_escape', $safe_text, $text );
}


Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

More Information More Information

Encodes the <, >, &, ” and ‘ (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.

Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc. To escape the value of a translation use esc_attr__() instead; to escape, translate and echo, use esc_attr_e().



Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note.