esc_html( string $text ): string
Escaping for HTML blocks.
Parameters
- $text (string, required)
Return
string
Source
File: wp-includes/formatting.php
function esc_html( $text ) {
    $safe_text = wp_check_invalid_utf8( $text );
    $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
    /**
     * Filters a string cleaned and escaped for output in HTML.
     *
     * Text passed to esc_html() is stripped of invalid or special characters
     * before output.
     *
     * @since 2.8.0
     *
     * @param string $safe_text The text after it has been escaped.
     * @param string $text      The text prior to being escaped.
     */
    return apply_filters( 'esc_html', $safe_text, $text );
}
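The steps in the source above, exercised on constructed inputs (an added example, not WordPress core code). Outside WordPress the script falls back to a labelled stand-in built on `htmlspecialchars()`, which approximates but does not reproduce `_wp_specialchars()`; every `example_*` name is hypothetical.

```php
<?php
// Added example, not WordPress core code.
// Stand-in used only when WordPress is not loaded. Assumption: htmlspecialchars()
// with ENT_QUOTES and double_encode = false approximates the two core calls in
// the source above; it is not a copy of _wp_specialchars().
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
    }
}

// Constructed sample inputs, one per behaviour worth checking.
function example_cases() {
    return array(
        'markup (string from the notes)' => '<a href="http://www.example.com/">A link</a>',
        'both quote styles (ENT_QUOTES)' => "O'Brien said \"hi\"",
        'already-encoded entity'         => 'A &amp; B',
        'bare ampersand'                 => 'A & B',
        'invalid UTF-8 byte sequence'    => "caf\xC3\x28",
    );
}

// Hypothetical helper: show control and non-ASCII bytes as escapes so the
// report itself stays printable.
function example_show( $value ) {
    return '"' . addcslashes( $value, "\0..\37\177..\377" ) . '"';
}

// Hypothetical helper: true when no character that could open a tag or close
// a quoted attribute value survives in the escaped text.
function example_is_inert( $escaped ) {
    return false === strpbrk( $escaped, '<>"\'' );
}

// Hypothetical helper: place untrusted text in an element body, the context
// esc_html() is written for.
function example_render_item( $untrusted ) {
    return '<li>' . esc_html( $untrusted ) . '</li>';
}

foreach ( example_cases() as $label => $raw ) {
    $escaped = esc_html( $raw );
    printf(
        "%s\n  raw:     %s\n  escaped: %s\n  inert:   %s\n  html:    %s\n",
        $label,
        example_show( $raw ),
        example_show( $escaped ),
        example_is_inert( $escaped ) ? 'yes' : 'NO',
        example_render_item( $raw )
    );
}
```

Run it with `php` on the command line, or load it inside WordPress to see the core function's output for the same inputs.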
Hooks
- apply_filters( 'esc_html', string $safe_text, string $text )
  Filters a string cleaned and escaped for output in HTML.
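`esc_html()` returns whatever the `esc_html` filter returns, and callbacks registered with two arguments also receive the unescaped `$text`, so one callback that hands back `$text` removes escaping everywhere the function is used. The added sketch below (not WordPress core code) lists what is hooked and runs a canary through the full chain; the `example_*` names are hypothetical, and it reads the `$wp_filter` global of a loaded WordPress.

```php
<?php
// Added example, not WordPress core code. Meant to run inside a loaded
// WordPress; without one, $wp_filter is unset and the list is empty.

// Hypothetical helper: human-readable name for a registered callback.
function example_callback_name( $fn ) {
    if ( $fn instanceof Closure ) {
        $ref = new ReflectionFunction( $fn );
        return 'closure at ' . $ref->getFileName() . ':' . $ref->getStartLine();
    }
    if ( is_array( $fn ) ) {
        $class = is_object( $fn[0] ) ? get_class( $fn[0] ) : $fn[0];
        return $class . '::' . $fn[1];
    }
    return is_object( $fn ) ? get_class( $fn ) . '::__invoke' : (string) $fn;
}

// Hypothetical helper: list every callback hooked to the 'esc_html' filter.
function example_esc_html_callbacks() {
    global $wp_filter;
    $found = array();
    if ( ! isset( $wp_filter['esc_html'] ) || ! ( $wp_filter['esc_html'] instanceof WP_Hook ) ) {
        return $found;
    }
    // WP_Hook::$callbacks is priority => id => array( 'function', 'accepted_args' ).
    foreach ( $wp_filter['esc_html']->callbacks as $priority => $callbacks ) {
        foreach ( $callbacks as $callback ) {
            $found[] = array(
                'priority'      => $priority,
                'callback'      => example_callback_name( $callback['function'] ),
                // Two accepted args means the callback also receives the raw $text.
                'sees_raw_text' => $callback['accepted_args'] >= 2,
            );
        }
    }
    return $found;
}

// Hypothetical canary: escape a constructed string through the full filter
// chain and confirm no markup character comes back out.
function example_esc_html_still_escapes() {
    $probe = '<b title="x">canary\'s</b>';
    return function_exists( 'esc_html' )
        && false === strpbrk( esc_html( $probe ), '<>"\'' );
}

foreach ( example_esc_html_callbacks() as $row ) {
    printf(
        "priority %d: %s%s\n",
        $row['priority'],
        $row['callback'],
        $row['sees_raw_text'] ? ' (receives raw $text, review first)' : ''
    );
}
echo example_esc_html_still_escapes()
    ? "esc_html output is inert\n"
    : "esc_html unavailable or returned unescaped text\n";
```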
Related
Uses
Uses | Description |
---|---|
wp_check_invalid_utf8() wp-includes/formatting.php | Checks for invalid UTF8 in a string. |
_wp_specialchars() wp-includes/formatting.php | Converts a number of special characters into their HTML entities. |
apply_filters() wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
Used By
Used By | Description |
---|---|
wp_required_field_indicator() wp-includes/general-template.php | Assigns a visual indicator for required form fields. |
WP_List_Table::get_views_links() wp-admin/includes/class-wp-list-table.php | Generates views links. |
WP_Theme_JSON::remove_insecure_settings() wp-includes/class-wp-theme-json.php | Processes a setting node and returns the same node without the insecure settings. |
WP_Theme_JSON::is_safe_css_declaration() wp-includes/class-wp-theme-json.php | Checks that a declaration provided by the user is safe. |
WP_Image_Editor_Imagick::write_image() wp-includes/class-wp-image-editor-imagick.php | Writes an image to a file or stream. |
WP_Application_Passwords_List_Table::column_name() wp-admin/includes/class-wp-application-passwords-list-table.php | Handles the name column output. |
WP_Comments_List_Table::comment_type_dropdown() wp-admin/includes/class-wp-comments-list-table.php | Displays a comment type drop-down for filtering on the Comments list table. |
Plugin_Installer_Skin::do_overwrite() wp-admin/includes/class-plugin-installer-skin.php | Check if the plugin can be overwritten and output the HTML for overwriting a plugin on upload. |
Theme_Installer_Skin::do_overwrite() wp-admin/includes/class-theme-installer-skin.php | Check if the theme can be overwritten and output the HTML for overwriting a theme on upload. |
wp_credits_section_title() wp-admin/includes/credits.php | Displays the title for a given group of contributors. |
wp_credits_section_list() wp-admin/includes/credits.php | Displays a list of contributors for a given group. |
verify_file_signature() wp-admin/includes/file.php | Verifies the contents of a file against its ED25519 signature. |
WP_Posts_List_Table::formats_dropdown() wp-admin/includes/class-wp-posts-list-table.php | Displays a formats drop-down for filtering items. |
WP_Site_Health_Auto_Updates::test_constants() wp-admin/includes/class-wp-site-health-auto-updates.php | Tests if auto-updates related constants are set correctly. |
register_and_do_post_meta_boxes() wp-admin/includes/meta-boxes.php | Registers the default post meta boxes, and runs the |
wp_comments_personal_data_exporter() wp-includes/comment.php | Finds and exports personal data associated with an email address from the comments table. |
wp_comments_personal_data_eraser() wp-includes/comment.php | Erases personal data associated with an email address from the comments table. |
get_the_privacy_policy_link() wp-includes/link-template.php | Returns the privacy policy link with formatting, when applicable. |
WP_Privacy_Policy_Content::privacy_policy_guide() wp-admin/includes/class-wp-privacy-policy-content.php | Output the privacy policy guide together with content from the theme and plugins. |
wp_privacy_generate_personal_data_export_group_html() wp-admin/includes/privacy-tools.php | Generate a single group for the personal data export report. |
wp_privacy_generate_personal_data_export_file() wp-admin/includes/privacy-tools.php | Generate the personal data export file. |
WP_Privacy_Requests_Table::column_status() wp-admin/includes/class-wp-privacy-requests-table.php | Status column. |
wp_ajax_wp_privacy_export_personal_data() wp-admin/includes/ajax-actions.php | Ajax handler for exporting a user’s personal data. |
wp_ajax_wp_privacy_erase_personal_data() wp-admin/includes/ajax-actions.php | Ajax handler for erasing personal data. |
WP_Widget_Media_Gallery::render_control_template_scripts() wp-includes/widgets/class-wp-widget-media-gallery.php | Render form template scripts. |
WP_Customize_Themes_Section::filter_drawer_content_template() wp-includes/customize/class-wp-customize-themes-section.php | Render the filter drawer portion of a themes section as a JS template. |
wp_print_plugin_file_tree() wp-admin/includes/misc.php | Outputs the formatted file list for the plugin file editor. |
wp_print_theme_file_tree() wp-admin/includes/misc.php | Outputs the formatted file list for the theme file editor. |
WP_Widget_Media::render_control_template_scripts() wp-includes/widgets/class-wp-widget-media.php | Render form template scripts. |
WP_Customize_Nav_Menus::print_post_type_container() wp-includes/class-wp-customize-nav-menus.php | Prints the markup for new menu items. |
WP_Ajax_Upgrader_Skin::get_error_messages() wp-admin/includes/class-wp-ajax-upgrader-skin.php | Retrieves a string for error messages. |
network_edit_site_nav() wp-admin/includes/ms.php | Outputs the HTML for a network’s “Edit Site” tabular interface. |
wp_ajax_delete_plugin() wp-admin/includes/ajax-actions.php | Ajax handler for deleting a plugin. |
wp_ajax_install_theme() wp-admin/includes/ajax-actions.php | Ajax handler for installing a theme. |
wp_ajax_update_theme() wp-admin/includes/ajax-actions.php | Ajax handler for updating a theme. |
wp_ajax_delete_theme() wp-admin/includes/ajax-actions.php | Ajax handler for deleting a theme. |
wp_ajax_install_plugin() wp-admin/includes/ajax-actions.php | Ajax handler for installing a plugin. |
the_embed_site_title() wp-includes/embed.php | Prints the necessary markup for the site title in an embed template. |
WP_Customize_Widgets::start_dynamic_sidebar() wp-includes/class-wp-customize-widgets.php | Begins keeping track of the current sidebar being rendered. |
WP_Customize_Widgets::end_dynamic_sidebar() wp-includes/class-wp-customize-widgets.php | Finishes keeping track of the current sidebar being rendered. |
_oembed_create_xml() wp-includes/embed.php | Creates an XML string from a given array. |
WP_Customize_Nav_Menu_Location_Control::render_content() wp-includes/customize/class-wp-customize-nav-menu-location-control.php | Render content just like a normal select control. |
WP_Customize_Nav_Menu_Setting::sanitize() wp-includes/customize/class-wp-customize-nav-menu-setting.php | Sanitize an input. |
WP_Customize_Nav_Menus::available_items_template() wp-includes/class-wp-customize-nav-menus.php | Prints the HTML template used to render the add-menu-item frame. |
WP_Customize_Nav_Menus::enqueue_scripts() wp-includes/class-wp-customize-nav-menus.php | Enqueues scripts and styles for Customizer pane. |
WP_Customize_New_Menu_Section::render() wp-includes/customize/class-wp-customize-new-menu-section.php | Render the section, and the controls that have been added to it. |
WP_Posts_List_Table::column_title() wp-admin/includes/class-wp-posts-list-table.php | Handles the title column output. |
WP_Posts_List_Table::column_default() wp-admin/includes/class-wp-posts-list-table.php | Handles the default column output. |
WP_Comments_List_Table::handle_row_actions() wp-admin/includes/class-wp-comments-list-table.php | Generates and displays row actions links. |
WP_Media_List_Table::column_default() wp-admin/includes/class-wp-media-list-table.php | Handles output for the default column. |
WP_Media_List_Table::column_title() wp-admin/includes/class-wp-media-list-table.php | Handles the title column output. |
the_meta() wp-includes/post-template.php | Displays a list of post custom fields. |
wp_ajax_update_plugin() wp-admin/includes/ajax-actions.php | Ajax handler for updating a plugin. |
WP_Customize_Manager::render_control_templates() wp-includes/class-wp-customize-manager.php | Renders JS templates for all registered control types. |
_navigation_markup() wp-includes/link-template.php | Wraps passed links in navigational markup. |
WP_Date_Query::validate_date_values() wp-includes/class-wp-date-query.php | Validates the given date_query values and triggers errors if something is not valid. |
WP_Customize_Section::json() wp-includes/class-wp-customize-section.php | Gather the parameters passed to client JavaScript via JSON. |
wp_dropdown_languages() wp-includes/l10n.php | Displays or returns a Language selector. |
wp_ajax_parse_embed() wp-admin/includes/ajax-actions.php | Apply [embed] Ajax handlers to a string. |
wp_install_language_form() wp-admin/includes/translation-install.php | Output the select form for the language selection on the installation screen. |
signup_user() wp-signup.php | Shows a form for a visitor to sign up for a new user account. |
show_blog_form() wp-signup.php | Generates and displays the Sign-up and Create Site forms. |
WP_Upgrader::fs_connect() wp-admin/includes/class-wp-upgrader.php | Connect to the filesystem. |
WP_Screen::render_screen_meta() wp-admin/includes/class-wp-screen.php | Renders the screen’s help section. |
WP_Plugins_List_Table::no_items() wp-admin/includes/class-wp-plugins-list-table.php | |
wp_dropdown_cats() wp-admin/includes/deprecated.php | Legacy function used for generating a categories drop-down control. |
install_themes_dashboard() wp-admin/includes/theme-install.php | Displays tags filter for themes. |
Bulk_Upgrader_Skin::error() wp-admin/includes/class-bulk-upgrader-skin.php | |
WP_Upgrader_Skin::error() wp-admin/includes/class-wp-upgrader-skin.php | |
mu_dropdown_languages() wp-admin/includes/ms.php | Generates and displays a drop-down of available languages. |
new_user_email_admin_notice() wp-includes/user.php | Adds an admin notice alerting the user to check for confirmation request email after email address change. |
wp_image_editor() wp-admin/includes/image-edit.php | Loads the WP image-editing interface. |
admin_color_scheme_picker() wp-admin/includes/misc.php | Displays the default admin color scheme picker (Used in user-edit.php). |
install_plugin_information() wp-admin/includes/plugin-install.php | Displays plugin information in dialog box form. |
wp_dashboard_plugins_output() wp-admin/includes/deprecated.php | Display plugins text for the WordPress news widget. |
wp_dashboard_browser_nag() wp-admin/includes/dashboard.php | Displays the browser update nag. |
wp_dashboard_recent_drafts() wp-admin/includes/dashboard.php | Show recent drafts of the user on the dashboard. |
_wp_dashboard_recent_comments_row() wp-admin/includes/dashboard.php | Outputs a row for the Recent Comments widget. |
WP_Plugin_Install_List_Table::display_rows() wp-admin/includes/class-wp-plugin-install-list-table.php | |
Walker_Category_Checklist::start_el() wp-admin/includes/class-walker-category-checklist.php | Start the element output. |
_draft_or_post_title() wp-admin/includes/template.php | Gets the post title. |
get_inline_data() wp-admin/includes/template.php | Adds hidden fields with the data for use in the inline editor for posts and pages. |
meta_form() wp-admin/includes/template.php | Prints the form in the Custom Fields meta box. |
page_template_dropdown() wp-admin/includes/template.php | Prints out option HTML elements for the page templates drop-down. |
parent_dropdown() wp-admin/includes/template.php | Prints out option HTML elements for the page parents drop-down. |
do_accordion_sections() wp-admin/includes/template.php | Meta Box Accordion Template Function. |
wp_popular_terms_checklist() wp-admin/includes/template.php | Retrieves a list of the most popular terms from the specified taxonomy. |
wp_link_category_checklist() wp-admin/includes/template.php | Outputs a link category checklist element. |
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php | Generate HTML for a single row on the users.php admin panel. |
media_upload_type_form() wp-admin/includes/media.php | Outputs the legacy media upload form for a given media type. |
media_upload_library_form() wp-admin/includes/media.php | Outputs the legacy media upload form for the media library. |
attachment_submitbox_metadata() wp-admin/includes/media.php | Displays non-editable attachment metadata in the publish meta box. |
get_media_item() wp-admin/includes/media.php | Retrieves HTML form for modifying the image attachment. |
media_upload_form() wp-admin/includes/media.php | Outputs the legacy media upload form. |
wp_media_upload_handler() wp-admin/includes/media.php | Handles the process of uploading media. |
get_sample_permalink_html() wp-admin/includes/post.php | Returns the HTML of the sample permalink slug editor. |
_wp_post_thumbnail_html() wp-admin/includes/post.php | Returns HTML for the post thumbnail meta box. |
_admin_notice_post_locked() wp-admin/includes/post.php | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
get_default_post_to_edit() wp-admin/includes/post.php | Returns default post information to use when populating the “Write Post” form. |
wp_ajax_upload_attachment() wp-admin/includes/ajax-actions.php | Ajax handler for uploading attachments |
wp_ajax_wp_fullscreen_save_post() wp-admin/includes/ajax-actions.php | Ajax handler for saving posts from the fullscreen editor. |
wp_ajax_inline_save() wp-admin/includes/ajax-actions.php | Ajax handler for Quick Edit saving a post from a list table. |
wp_ajax_find_posts() wp-admin/includes/ajax-actions.php | Ajax handler for querying posts for the Find Posts modal. |
wp_ajax_add_link_category() wp-admin/includes/ajax-actions.php | Ajax handler for adding a link category. |
wp_get_revision_ui_diff() wp-admin/includes/revision.php | Get the revision UI diff. |
post_trackback_meta_box() wp-admin/includes/meta-boxes.php | Displays trackback links form fields. |
page_attributes_meta_box() wp-admin/includes/meta-boxes.php | Displays page attributes form fields. |
post_submit_meta_box() wp-admin/includes/meta-boxes.php | Displays post submit form fields. |
post_format_meta_box() wp-admin/includes/meta-boxes.php | Displays post format form elements. |
post_categories_meta_box() wp-admin/includes/meta-boxes.php | Displays post categories form fields. |
edit_link() wp-admin/includes/bookmark.php | Updates or inserts a link using values provided in $_POST. |
WP_Comments_List_Table::column_author() wp-admin/includes/class-wp-comments-list-table.php | |
WP_Comments_List_Table::column_response() wp-admin/includes/class-wp-comments-list-table.php | |
WP_Comments_List_Table::column_comment() wp-admin/includes/class-wp-comments-list-table.php | |
Walker_Nav_Menu_Edit::start_el() wp-admin/includes/class-walker-nav-menu-edit.php | Start the element output. |
Walker_Nav_Menu_Checklist::start_el() wp-admin/includes/class-walker-nav-menu-checklist.php | Start the element output. |
wp_nav_menu_item_taxonomy_meta_box() wp-admin/includes/nav-menu.php | Displays a meta box for a taxonomy menu item. |
request_filesystem_credentials() wp-admin/includes/file.php | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
WP_Posts_List_Table::inline_edit() wp-admin/includes/class-wp-posts-list-table.php | Outputs the hidden row displayed when inline editing |
wp_list_widget_controls() wp-admin/includes/widgets.php | Show the widgets and their settings for a sidebar. |
wp_widget_control() wp-admin/includes/widgets.php | Meta widget used to display the control form for a widget. |
_wp_credits_add_profile_link() wp-admin/includes/credits.php | Retrieve the link to a contributor’s WordPress.org profile page. |
_wp_credits_build_object_link() wp-admin/includes/credits.php | Retrieve the link to an external library used in WordPress. |
Custom_Image_Header::step_1() wp-admin/includes/class-custom-image-header.php | Display first step of custom header image page. |
WP_Object_Cache::stats() wp-includes/class-wp-object-cache.php | Echoes the stats of the caching. |
wp_generate_tag_cloud() wp-includes/category-template.php | Generates a tag cloud (heatmap) from provided data. |
esc_html__() wp-includes/l10n.php | Retrieves the translation of $text and escapes it for safe use in HTML output. |
esc_html_e() wp-includes/l10n.php | Displays translated text that has been escaped for safe use in HTML output. |
esc_html_x() wp-includes/l10n.php | Translates string with gettext context, and escapes it for safe use in HTML output. |
sanitize_option() wp-includes/formatting.php | Sanitizes various option values based on the nature of the option. |
wp_pre_kses_less_than_callback() wp-includes/formatting.php | Callback function used by preg_replace. |
wp_login_form() wp-includes/general-template.php | Provides a simple login form for use anywhere within WordPress. |
wp_specialchars() wp-includes/deprecated.php | Legacy escaping for HTML blocks. |
the_content_rss() wp-includes/deprecated.php | Display the post content for the feed. |
WP_Theme::markup_header() wp-includes/class-wp-theme.php | Marks up a theme header. |
WP_Theme::__construct() wp-includes/class-wp-theme.php | Constructor for WP_Theme. |
wp_timezone_choice() wp-includes/functions.php | Gives a nicely-formatted list of timezone strings. |
wp_nonce_url() wp-includes/functions.php | Retrieves URL with nonce added to URL query. |
wp_upload_dir() wp-includes/functions.php | Returns an array containing the current upload directory’s path and URL. |
WP_Nav_Menu_Widget::form() wp-includes/widgets/class-wp-nav-menu-widget.php | Outputs the settings form for the Navigation Menu widget. |
WP_Widget_Tag_Cloud::form() wp-includes/widgets/class-wp-widget-tag-cloud.php | Outputs the Tag Cloud widget settings form. |
WP_Widget_RSS::widget() wp-includes/widgets/class-wp-widget-rss.php | Outputs the content for the current RSS widget instance. |
WP_Widget_Archives::widget() wp-includes/widgets/class-wp-widget-archives.php | Outputs the content for the current Archives widget instance. |
WP_Widget_Links::form() wp-includes/widgets/class-wp-widget-links.php | Outputs the settings form for the Links widget. |
wp_widget_rss_output() wp-includes/widgets.php | Display the RSS entries in a list. |
wp_widget_rss_form() wp-includes/widgets.php | Display RSS widget options form. |
WP_Embed::maybe_make_link() wp-includes/class-wp-embed.php | Conditionally makes a hyperlink based on an internal class variable. |
sanitize_term_field() wp-includes/taxonomy.php | Sanitizes the field value in the term based on the context. |
wp_version_check() wp-includes/update.php | Checks WordPress version against the newest version. |
WP_oEmbed::data2html() wp-includes/class-wp-oembed.php | Converts a data object from WP_oEmbed::fetch() and returns the HTML. |
wp_admin_bar_site_menu() wp-includes/admin-bar.php | Adds the “Site Name” menu. |
wp_protect_special_option() wp-includes/option.php | Protects WordPress special option from being modified. |
wp_dropdown_users() wp-includes/user.php | Creates dropdown HTML content of users. |
sanitize_user_field() wp-includes/user.php | Sanitizes user field based on context. |
Walker_PageDropdown::start_el() wp-includes/class-walker-page-dropdown.php | Starts the element output. |
wp_get_attachment_link() wp-includes/post-template.php | Retrieves an attachment page link using an image or icon, if possible. |
wp_video_shortcode() wp-includes/media.php | Builds the Video shortcode output. |
wp_audio_shortcode() wp-includes/media.php | Builds the Audio shortcode output. |
wpmu_welcome_user_notification() wp-includes/ms-functions.php | Notifies a user that their account activation has been successful. |
wpmu_welcome_notification() wp-includes/ms-functions.php | Notifies the site administrator that their site activation was successful. |
wpmu_signup_blog_notification() wp-includes/ms-functions.php | Sends a confirmation request email to a user when they sign up for a new site. The new site will not become active until the confirmation link is clicked. |
wpmu_signup_user_notification() wp-includes/ms-functions.php | Sends a confirmation request email to a user when they sign up for a new user account (without signing up for a site at the same time). The user account will not become active until the confirmation link is clicked. |
sanitize_bookmark_field() wp-includes/bookmark.php | Sanitizes a bookmark field. |
wpmu_admin_do_redirect() wp-includes/ms-deprecated.php | Redirect a user based on $_GET or $_POST arguments. |
wp_update_nav_menu_object() wp-includes/nav-menu.php | Saves the properties of a menu or create a new menu with those properties. |
wp_rss() wp-includes/rss.php | Display all RSS items in a HTML ordered list. |
get_rss() wp-includes/rss.php | Display RSS items in HTML list items. |
wp_xmlrpc_server::pingback_ping() wp-includes/class-wp-xmlrpc-server.php | Retrieves a pingback and registers it. |
wp_xmlrpc_server::mw_getCategories() wp-includes/class-wp-xmlrpc-server.php | Retrieves the list of categories on a given blog. |
wp_xmlrpc_server::wp_getTags() wp-includes/class-wp-xmlrpc-server.php | Gets the list of all tags. |
WP_Customize_Control::render_content() wp-includes/class-wp-customize-control.php | Render the control’s content. |
wp_widget_description() wp-includes/widgets.php | Retrieve description for widget. |
get_cancel_comment_reply_link() wp-includes/comment-template.php | Retrieves HTML content for cancel comment reply link. |
get_comment_author_email_link() wp-includes/comment-template.php | Returns the HTML email link to the author of the current comment. |
comment_author_IP() wp-includes/comment-template.php | Displays the IP address of the author of the current comment. |
WP_Customize_Widgets::output_widget_control_templates() wp-includes/class-wp-customize-widgets.php | Renders the widget form control templates into the DOM. |
_WP_Editors::wp_link_query() wp-includes/class-wp-editor.php | Performs post queries for internal linking. |
wp_print_media_templates() wp-includes/media-template.php | Prints the templates used in the media manager. |
Changelog
Version | Description |
---|---|
2.8.0 | Introduced. |
User Contributed Notes
Examples
$html now contains this:
which would be displayed in an HTML document as:
<a href="http://www.example.com/">A link</a>
Instead of like this:
A link
Note that esc_html will attempt to avoid double-encoding. Take this code:
This will print A & B instead of A &amp; B.
After using esc_html() on your example string you would have:
[html]<a href="http://www.example.com/">A link</a>[/html]