esc_html( string $text )

Escaping for HTML blocks.

Contents

Description Description

Parameters Parameters

$text

(string) (Required)

Top ↑

Return Return

(string)

Top ↑

Source Source

File: wp-includes/formatting.php 

function esc_html( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
	/**
	 * Filters a string cleaned and escaped for output in HTML.
	 *
	 * Text passed to esc_html() is stripped of invalid or special characters
	 * before output.
	 *
	 * @since 2.8.0
	 *
	 * @param string $safe_text The text after it has been escaped.
	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'esc_html', $safe_text, $text );
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/formatting.php: esc_html

Filters a string cleaned and escaped for output in HTML.
wp-includes/formatting.php: wp_check_invalid_utf8()

Checks for invalid UTF8 in a string.
wp-includes/formatting.php: _wp_specialchars()

Converts a number of special characters into their HTML entities.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/blocks/latest-comments.php: wp_latest_comments_draft_or_post_title()

Get the post title.
wp-includes/blocks/latest-posts.php: render_block_core_latest_posts()

Renders the core/latest-posts block on server.
wp-admin/includes/meta-boxes.php: register_and_do_post_meta_boxes()

Registers the default post meta boxes, and runs the do_meta_boxes actions.
wp-includes/comment.php: wp_comments_personal_data_exporter()

Finds and exports personal data associated with an email address from the comments table.
wp-includes/comment.php: wp_comments_personal_data_eraser()

Erases personal data associated with an email address from the comments table.
wp-includes/link-template.php: get_the_privacy_policy_link()

Returns the privacy policy link with formatting, when applicable.
wp-admin/includes/misc.php: WP_Privacy_Policy_Content::privacy_policy_guide()

Output the privacy policy guide together with content from the theme and plugins.
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_group_html()

Generate a single group for the personal data export report.
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_file()

Generate the personal data export file.
wp-admin/includes/user.php: WP_Privacy_Requests_Table::column_status()

Status column.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_export_personal_data()

Ajax handler for exporting a user’s personal data.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_erase_personal_data()

Ajax handler for erasing personal data.
wp-includes/widgets/class-wp-widget-media-gallery.php: WP_Widget_Media_Gallery::render_control_template_scripts()

Render form template scripts.
wp-includes/customize/class-wp-customize-themes-section.php: WP_Customize_Themes_Section::filter_drawer_content_template()

Render the filter drawer portion of a themes section as a JS template.
wp-includes/customize/class-wp-customize-date-time-control.php: WP_Customize_Date_Time_Control::content_template()

Renders a JS template for the content of date time control.
wp-admin/includes/misc.php: wp_print_plugin_file_tree()

Outputs the formatted file list for the plugin editor.
wp-admin/includes/misc.php: wp_print_theme_file_tree()

Outputs the formatted file list for the theme editor.
wp-includes/widgets/class-wp-widget-media.php: WP_Widget_Media::render_control_template_scripts()

Render form template scripts.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::print_post_type_container()

Print the markup for new menu items.
wp-admin/includes/class-wp-ajax-upgrader-skin.php: WP_Ajax_Upgrader_Skin::get_error_messages()

Retrieves a string for error messages.
wp-admin/includes/ms.php: network_edit_site_nav()

Outputs the HTML for a network’s “Edit Site” tabular interface.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin()

Ajax handler for deleting a plugin.
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme()

Ajax handler for installing a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_update_theme()

Ajax handler for updating a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme()

Ajax handler for deleting a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin()

Ajax handler for installing a plugin.
wp-includes/embed.php: the_embed_site_title()

Prints the necessary markup for the site title in an embed template.
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::start_dynamic_sidebar()

Begins keeping track of the current sidebar being rendered.
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::end_dynamic_sidebar()

Finishes keeping track of the current sidebar being rendered.
wp-includes/embed.php: _oembed_create_xml()

Creates an XML string from a given array.
wp-includes/general-template.php: wp_get_document_title()

Returns document title for the current page.
wp-includes/customize/class-wp-customize-nav-menu-location-control.php: WP_Customize_Nav_Menu_Location_Control::render_content()

Render content just like a normal select control.
wp-includes/customize/class-wp-customize-nav-menu-setting.php: WP_Customize_Nav_Menu_Setting::sanitize()

Sanitize an input.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::available_items_template()

Print the html template used to render the add-menu-item frame.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::enqueue_scripts()

Enqueue scripts and styles for Customizer pane.
wp-includes/customize/class-wp-customize-new-menu-section.php: WP_Customize_New_Menu_Section::render()

Render the section, and the controls that have been added to it.
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::column_title()

Handles the title column output.
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::column_default()

Handles the default column output.
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::handle_row_actions()

Generate and display row actions links.
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_default()

Handles output for the default column.
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_title()

Handles the title column output.
wp-admin/includes/ajax-actions.php: wp_ajax_update_plugin()

Ajax handler for updating a plugin.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::render_control_templates()

Render JS templates for all registered control types.
wp-includes/link-template.php: _navigation_markup()

Wraps passed links in navigational markup.
wp-includes/date.php: WP_Date_Query::validate_date_values()

Validates the given date_query values and triggers errors if something is not valid.
wp-includes/class-wp-customize-section.php: WP_Customize_Section::json()

Gather the parameters passed to client JavaScript via JSON.
wp-includes/l10n.php: wp_dropdown_languages()

Language selector.
wp-admin/includes/ajax-actions.php: wp_ajax_parse_embed()

Apply [embed] Ajax handlers to a string.
wp-admin/includes/translation-install.php: wp_install_language_form()

Output the select form for the language selection on the installation screen.
wp-signup.php: signup_user()

Setup the new user signup process
wp-signup.php: show_blog_form()

Generates and displays the Signup and Create Site forms
wp-admin/includes/class-wp-upgrader.php: WP_Upgrader::fs_connect()

Connect to the filesystem.
wp-admin/includes/class-wp-screen.php: WP_Screen::render_screen_meta()

Render the screen’s help section.
wp-admin/includes/class-wp-plugins-list-table.php: WP_Plugins_List_Table::no_items()
wp-admin/includes/deprecated.php: wp_dropdown_cats()

Legacy function used for generating a categories drop-down control.
wp-admin/includes/theme-install.php: install_themes_dashboard()

Display tags filter for themes.
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::error()
wp-admin/includes/class-wp-upgrader-skin.php: WP_Upgrader_Skin::error()
wp-admin/includes/ms.php: mu_dropdown_languages()

Generates and displays a drop-down of available languages.
wp-includes/user.php: new_user_email_admin_notice()

Adds an admin notice alerting the user to check for confirmation request email after email address change.
wp-admin/includes/misc.php: admin_color_scheme_picker()

Display the default admin color scheme picker (Used in user-edit.php)
wp-admin/includes/plugin-install.php: install_plugin_information()

Display plugin information in dialog box form.
wp-admin/includes/deprecated.php: wp_dashboard_plugins_output()

Display plugins text for the WordPress news widget.
wp-admin/includes/dashboard.php: wp_dashboard_browser_nag()
wp-admin/includes/dashboard.php: wp_dashboard_recent_drafts()

Show recent drafts of the user on the dashboard.
wp-admin/includes/dashboard.php: _wp_dashboard_recent_comments_row()

Outputs a row for the Recent Comments widget.
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/class-walker-category-checklist.php: Walker_Category_Checklist::start_el()

Start the element output.
wp-admin/includes/template.php: _draft_or_post_title()

Get the post title.
wp-admin/includes/template.php: get_inline_data()

Adds hidden fields with the data for use in the inline editor for posts and pages.
wp-admin/includes/template.php: meta_form()

Prints the form in the Custom Fields meta box.
wp-admin/includes/template.php: page_template_dropdown()

Print out option HTML elements for the page templates drop-down.
wp-admin/includes/template.php: parent_dropdown()

Print out option HTML elements for the page parents drop-down.
wp-admin/includes/template.php: do_accordion_sections()

Meta Box Accordion Template Function.
wp-admin/includes/template.php: wp_popular_terms_checklist()

Retrieve a list of the most popular terms from the specified taxonomy.
wp-admin/includes/template.php: wp_link_category_checklist()

Outputs a link category checklist element.
wp-admin/includes/class-wp-users-list-table.php: WP_Users_List_Table::single_row()

Generate HTML for a single row on the users.php admin panel.
wp-admin/includes/media.php: media_upload_type_form()

Outputs the legacy media upload form for a given media type.
wp-admin/includes/media.php: media_upload_library_form()

Outputs the legacy media upload form for the media library.
wp-admin/includes/media.php: attachment_submitbox_metadata()

Displays non-editable attachment metadata in the publish meta box.
wp-admin/includes/media.php: get_media_item()

Retrieve HTML form for modifying the image attachment.
wp-admin/includes/media.php: media_upload_form()

Outputs the legacy media upload form.
wp-admin/includes/media.php: wp_media_upload_handler()

Handles the process of uploading media.
wp-admin/includes/post.php: get_sample_permalink_html()

Returns the HTML of the sample permalink slug editor.
wp-admin/includes/post.php: _wp_post_thumbnail_html()

Output HTML for the post thumbnail meta-box.
wp-admin/includes/post.php: _admin_notice_post_locked()

Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post.
wp-admin/includes/post.php: get_default_post_to_edit()

Default post information to use when populating the “Write Post” form.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_fullscreen_save_post()

Ajax handler for saving posts from the fullscreen editor.
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save()

Ajax handler for Quick Edit saving a post from a list table.
wp-admin/includes/ajax-actions.php: wp_ajax_find_posts()

Ajax handler for querying posts for the Find Posts modal.
wp-admin/includes/ajax-actions.php: wp_ajax_add_link_category()

Ajax handler for adding a link category.
wp-admin/includes/revision.php: wp_get_revision_ui_diff()

Get the revision UI diff.
wp-admin/includes/meta-boxes.php: post_trackback_meta_box()

Display trackback links form fields.
wp-admin/includes/meta-boxes.php: page_attributes_meta_box()

Display page attributes form fields.
wp-admin/includes/meta-boxes.php: post_submit_meta_box()

Displays post submit form fields.
wp-admin/includes/meta-boxes.php: post_format_meta_box()

Display post format form elements.
wp-admin/includes/meta-boxes.php: post_categories_meta_box()

Display post categories form fields.
wp-admin/includes/bookmark.php: edit_link()

Updates or inserts a link using values provided in $_POST.
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_author()
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_response()
wp-admin/includes/class-walker-nav-menu-edit.php: Walker_Nav_Menu_Edit::start_el()

Start the element output.
wp-admin/includes/class-walker-nav-menu-checklist.php: Walker_Nav_Menu_Checklist::start_el()

Start the element output.
wp-admin/includes/nav-menu.php: wp_nav_menu_item_taxonomy_meta_box()

Displays a meta box for a taxonomy menu item.
wp-admin/includes/file.php: request_filesystem_credentials()

Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem.
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::inline_edit()

Outputs the hidden row displayed when inline editing
wp-admin/includes/widgets.php: wp_list_widget_controls()

Show the widgets and their settings for a sidebar.
wp-admin/includes/widgets.php: wp_widget_control()

Meta widget used to display the control form for a widget.
wp-admin/includes/credits.php: _wp_credits_add_profile_link()

Retrieve the link to a contributor’s WordPress.org profile page.
wp-admin/includes/credits.php: _wp_credits_build_object_link()

Retrieve the link to an external library used in WordPress.
wp-admin/custom-header.php: Custom_Image_Header::step_1()

Display first step of custom header image page.
wp-includes/category-template.php: wp_generate_tag_cloud()

Generates a tag cloud (heatmap) from provided data.
wp-includes/l10n.php: esc_html__()

Retrieve the translation of $text and escapes it for safe use in HTML output.
wp-includes/l10n.php: esc_html_e()

Display translated text that has been escaped for safe use in HTML output.
wp-includes/l10n.php: esc_html_x()

Translate string with gettext context, and escapes it for safe use in HTML output.
wp-includes/formatting.php: sanitize_option()

Sanitises various option values based on the nature of the option.
wp-includes/formatting.php: wp_pre_kses_less_than_callback()

Callback function used by preg_replace.
wp-includes/general-template.php: wp_login_form()

Provides a simple login form for use anywhere within WordPress.
wp-includes/deprecated.php: wp_specialchars()

Legacy escaping for HTML blocks.
wp-includes/deprecated.php: the_content_rss()

Display the post content for the feed.
wp-includes/class-wp-theme.php: WP_Theme::markup_header()

Mark up a theme header.
wp-includes/class-wp-theme.php: WP_Theme::__construct()

Constructor for WP_Theme.
wp-includes/functions.php: wp_timezone_choice()

Gives a nicely-formatted list of timezone strings.
wp-includes/functions.php: wp_nonce_url()

Retrieve URL with nonce added to URL query.
wp-includes/functions.php: wp_upload_dir()

Get an array containing the current upload directory’s path and url.
wp-includes/widgets/class-wp-nav-menu-widget.php: WP_Nav_Menu_Widget::form()

Outputs the settings form for the Navigation Menu widget.
wp-includes/widgets/class-wp-widget-rss.php: WP_Widget_RSS::widget()

Outputs the content for the current RSS widget instance.
wp-includes/widgets.php: wp_widget_rss_output()

Display the RSS entries in a list.
wp-includes/class-wp-embed.php: WP_Embed::maybe_make_link()

Conditionally makes a hyperlink based on an internal class variable.
wp-includes/taxonomy.php: sanitize_term_field()

Cleanse the field value in the term based on the context.
wp-includes/update.php: wp_version_check()

Check WordPress version against the newest version.
wp-includes/class-oembed.php: WP_oEmbed::data2html()

Converts a data object from WP_oEmbed::fetch() and returns the HTML.
wp-includes/admin-bar.php: wp_admin_bar_site_menu()

Add the “Site Name” menu.
wp-includes/option.php: wp_protect_special_option()

Protect WordPress special option from being modified.
wp-includes/user.php: wp_dropdown_users()

Create dropdown HTML content of users.
wp-includes/user.php: sanitize_user_field()

Sanitize user field based on context.
wp-includes/class-walker-page-dropdown.php: Walker_PageDropdown::start_el()

Starts the element output.
wp-includes/post-template.php: wp_get_attachment_link()

Retrieve an attachment page link using an image or icon, if possible.
wp-includes/media.php: wp_video_shortcode()

Builds the Video shortcode output.
wp-includes/media.php: wp_audio_shortcode()

Builds the Audio shortcode output.
wp-includes/ms-functions.php: wpmu_welcome_user_notification()

Notify a user that their account activation has been successful.
wp-includes/ms-functions.php: wpmu_welcome_notification()

Notify a user that their blog activation has been successful.
wp-includes/ms-functions.php: wpmu_signup_blog_notification()

Send a confirmation request email to a user when they sign up for a new site. The new site will not become active until the confirmation link is clicked.
wp-includes/ms-functions.php: wpmu_signup_user_notification()

Send a confirmation request email to a user when they sign up for a new user account (without signing up for a site at the same time). The user account will not become active until the confirmation link is clicked.
wp-includes/bookmark.php: sanitize_bookmark_field()

Sanitizes a bookmark field.
wp-includes/ms-deprecated.php: wpmu_admin_do_redirect()

Redirect a user based on $_GET or $_POST arguments.
wp-includes/nav-menu.php: wp_update_nav_menu_object()

Save the properties of a menu or create a new menu with those properties.
wp-includes/rss.php: wp_rss()

Display all RSS items in a HTML ordered list.
wp-includes/rss.php: get_rss()

Display RSS items in HTML list items.
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::pingback_ping()

Retrieves a pingback and registers it.
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::mw_getCategories()

Retrieve the list of categories on a given blog.
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::wp_getTags()

Get list of all tags
wp-includes/class-wp-customize-control.php: WP_Customize_Control::render_content()

Render the control’s content.
wp-includes/widgets.php: wp_widget_description()

Retrieve description for widget.
wp-includes/comment-template.php: get_cancel_comment_reply_link()

Retrieve HTML content for cancel comment reply link.
wp-includes/comment-template.php: get_comment_author_email_link()

Return the html email link to the author of the current comment.
wp-includes/comment-template.php: comment_author_IP()

Display the IP address of the author of the current comment.
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::output_widget_control_templates()

Renders the widget form control templates into the DOM.
wp-includes/class-wp-editor.php: _WP_Editors::wp_link_query()

Performs post queries for internal linking.
wp-includes/media-template.php: wp_print_media_templates()

Prints the templates used in the media manager.
Show 154 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Examples

    $html = esc_html( '<a href="http://www.example.com/">A link</a>' );

    $html now contains this:

    &lt;a href=&quot;http://www.example.com/&quot;&gt;A link&lt;/a&gt;

    which would be displayed in an HTML document as:

    <a href="A" rel="nofollow">http://www.example.com/">A link</a>

    Instead of like this:

    A link

You must log in before being able to contribute a note or feedback.