esc_html( string $text )
Escaping for HTML blocks.
Description
Parameters
- $text (string) (Required)
Return
(string)
Source
File: wp-includes/formatting.php
```php
function esc_html( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
	/**
	 * Filters a string cleaned and escaped for output in HTML.
	 *
	 * Text passed to esc_html() is stripped of invalid or special characters
	 * before output.
	 *
	 * @since 2.8.0
	 *
	 * @param string $safe_text The text after it has been escaped.
	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'esc_html', $safe_text, $text );
}
```
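How the two steps in the source above behave on typical input, shown as an added example that is not WordPress core code or part of the original page. It runs under plain `php`: the stand-in `esc_html()` defined when WordPress is absent is a simplification (no `esc_html` filter, no entity normalization), and `greeting_unescaped()`, `greeting_escaped()` and the sample strings are constructed for illustration.

```php
<?php
// Added example; not WordPress core code. Inside WordPress the real
// esc_html() is used. Outside it, this simplified stand-in (an assumption:
// it skips the 'esc_html' filter and entity normalization) lets the script run.
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		$text = (string) $text;
		// Mirror wp_check_invalid_utf8(): invalid UTF-8 yields an empty string.
		if ( 1 !== preg_match( '//u', $text ) ) {
			return '';
		}
		// ENT_QUOTES encodes both quote styles; the final `false` means
		// existing entities such as &amp; are not encoded a second time.
		return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8', false );
	}
}

// Hypothetical template helpers: the same markup without and with escaping.
function greeting_unescaped( $name ) {
	return '<p>Hello, ' . $name . '</p>';
}

function greeting_escaped( $name ) {
	return '<p>Hello, ' . esc_html( $name ) . '</p>';
}

// Constructed sample inputs, as they might arrive from a form field.
$samples = array(
	'markup in a name' => '<script>alert(1)</script>',
	'quotes and "&"'   => 'Tom & "Jerry" O\'Neil',
	'already encoded'  => 'A &amp; B',
	'invalid UTF-8'    => "caf\xE9",
);

foreach ( $samples as $label => $value ) {
	// Unescaped: the browser would parse the value as markup.
	printf( "%-18s unescaped: %s\n", $label, greeting_unescaped( $value ) );
	// Escaped: the value is rendered as text; '&amp;' is left as it is.
	printf( "%-18s escaped:   %s\n\n", '', greeting_escaped( $value ) );
}
```

In WordPress, values placed in quoted attributes or URLs have their own escapers, `esc_attr()` and `esc_url()`; `esc_html()` is meant for text between tags.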
Changelog
Version | Description |
---|---|
2.8.0 | Introduced. |
Related
Uses
Uses | Description |
---|---|
wp-includes/formatting.php: esc_html | Filters a string cleaned and escaped for output in HTML. |
wp-includes/formatting.php: wp_check_invalid_utf8() | Checks for invalid UTF8 in a string. |
wp-includes/formatting.php: _wp_specialchars() | Converts a number of special characters into their HTML entities. |
wp-includes/plugin.php: apply_filters() | Call the functions added to a filter hook. |
Used By
Used By | Description |
---|---|
wp-includes/blocks/latest-comments.php: wp_latest_comments_draft_or_post_title() | Get the post title. |
wp-includes/blocks/latest-posts.php: render_block_core_latest_posts() | Renders the |
wp-admin/includes/meta-boxes.php: register_and_do_post_meta_boxes() | Registers the default post meta boxes, and runs the |
wp-includes/comment.php: wp_comments_personal_data_exporter() | Finds and exports personal data associated with an email address from the comments table. |
wp-includes/comment.php: wp_comments_personal_data_eraser() | Erases personal data associated with an email address from the comments table. |
wp-includes/link-template.php: get_the_privacy_policy_link() | Returns the privacy policy link with formatting, when applicable. |
wp-admin/includes/misc.php: WP_Privacy_Policy_Content::privacy_policy_guide() | Output the privacy policy guide together with content from the theme and plugins. |
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_group_html() | Generate a single group for the personal data export report. |
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_file() | Generate the personal data export file. |
wp-admin/includes/user.php: WP_Privacy_Requests_Table::column_status() | Status column. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_export_personal_data() | Ajax handler for exporting a user’s personal data. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_erase_personal_data() | Ajax handler for erasing personal data. |
wp-includes/widgets/class-wp-widget-media-gallery.php: WP_Widget_Media_Gallery::render_control_template_scripts() | Render form template scripts. |
wp-includes/customize/class-wp-customize-themes-section.php: WP_Customize_Themes_Section::filter_drawer_content_template() | Render the filter drawer portion of a themes section as a JS template. |
wp-includes/customize/class-wp-customize-date-time-control.php: WP_Customize_Date_Time_Control::content_template() | Renders a JS template for the content of date time control. |
wp-admin/includes/misc.php: wp_print_plugin_file_tree() | Outputs the formatted file list for the plugin editor. |
wp-admin/includes/misc.php: wp_print_theme_file_tree() | Outputs the formatted file list for the theme editor. |
wp-includes/widgets/class-wp-widget-media.php: WP_Widget_Media::render_control_template_scripts() | Render form template scripts. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::print_post_type_container() | Print the markup for new menu items. |
wp-admin/includes/class-wp-ajax-upgrader-skin.php: WP_Ajax_Upgrader_Skin::get_error_messages() | Retrieves a string for error messages. |
wp-admin/includes/ms.php: network_edit_site_nav() | Outputs the HTML for a network’s “Edit Site” tabular interface. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin() | Ajax handler for deleting a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme() | Ajax handler for installing a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_update_theme() | Ajax handler for updating a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme() | Ajax handler for deleting a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin() | Ajax handler for installing a plugin. |
wp-includes/embed.php: the_embed_site_title() | Prints the necessary markup for the site title in an embed template. |
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::start_dynamic_sidebar() | Begins keeping track of the current sidebar being rendered. |
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::end_dynamic_sidebar() | Finishes keeping track of the current sidebar being rendered. |
wp-includes/embed.php: _oembed_create_xml() | Creates an XML string from a given array. |
wp-includes/general-template.php: wp_get_document_title() | Returns document title for the current page. |
wp-includes/customize/class-wp-customize-nav-menu-location-control.php: WP_Customize_Nav_Menu_Location_Control::render_content() | Render content just like a normal select control. |
wp-includes/customize/class-wp-customize-nav-menu-setting.php: WP_Customize_Nav_Menu_Setting::sanitize() | Sanitize an input. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::available_items_template() | Print the html template used to render the add-menu-item frame. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::enqueue_scripts() | Enqueue scripts and styles for Customizer pane. |
wp-includes/customize/class-wp-customize-new-menu-section.php: WP_Customize_New_Menu_Section::render() | Render the section, and the controls that have been added to it. |
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::column_title() | Handles the title column output. |
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::column_default() | Handles the default column output. |
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::handle_row_actions() | Generate and display row actions links. |
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_default() | Handles output for the default column. |
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_title() | Handles the title column output. |
wp-admin/includes/ajax-actions.php: wp_ajax_update_plugin() | Ajax handler for updating a plugin. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::render_control_templates() | Render JS templates for all registered control types. |
wp-includes/link-template.php: _navigation_markup() | Wraps passed links in navigational markup. |
wp-includes/date.php: WP_Date_Query::validate_date_values() | Validates the given date_query values and triggers errors if something is not valid. |
wp-includes/class-wp-customize-section.php: WP_Customize_Section::json() | Gather the parameters passed to client JavaScript via JSON. |
wp-includes/l10n.php: wp_dropdown_languages() | Language selector. |
wp-admin/includes/ajax-actions.php: wp_ajax_parse_embed() | Apply [embed] Ajax handlers to a string. |
wp-admin/includes/translation-install.php: wp_install_language_form() | Output the select form for the language selection on the installation screen. |
wp-signup.php: signup_user() | Setup the new user signup process |
wp-signup.php: show_blog_form() | Generates and displays the Signup and Create Site forms |
wp-admin/includes/class-wp-upgrader.php: WP_Upgrader::fs_connect() | Connect to the filesystem. |
wp-admin/includes/class-wp-screen.php: WP_Screen::render_screen_meta() | Render the screen’s help section. |
wp-admin/includes/class-wp-plugins-list-table.php: WP_Plugins_List_Table::no_items() | |
wp-admin/includes/deprecated.php: wp_dropdown_cats() | Legacy function used for generating a categories drop-down control. |
wp-admin/includes/theme-install.php: install_themes_dashboard() | Display tags filter for themes. |
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::error() | |
wp-admin/includes/class-wp-upgrader-skin.php: WP_Upgrader_Skin::error() | |
wp-admin/includes/ms.php: mu_dropdown_languages() | Generates and displays a drop-down of available languages. |
wp-includes/user.php: new_user_email_admin_notice() | Adds an admin notice alerting the user to check for confirmation request email after email address change. |
wp-admin/includes/misc.php: admin_color_scheme_picker() | Display the default admin color scheme picker (Used in user-edit.php) |
wp-admin/includes/plugin-install.php: install_plugin_information() | Display plugin information in dialog box form. |
wp-admin/includes/deprecated.php: wp_dashboard_plugins_output() | Display plugins text for the WordPress news widget. |
wp-admin/includes/dashboard.php: wp_dashboard_browser_nag() | |
wp-admin/includes/dashboard.php: wp_dashboard_recent_drafts() | Show recent drafts of the user on the dashboard. |
wp-admin/includes/dashboard.php: _wp_dashboard_recent_comments_row() | Outputs a row for the Recent Comments widget. |
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows() | |
wp-admin/includes/class-walker-category-checklist.php: Walker_Category_Checklist::start_el() | Start the element output. |
wp-admin/includes/template.php: _draft_or_post_title() | Get the post title. |
wp-admin/includes/template.php: get_inline_data() | Adds hidden fields with the data for use in the inline editor for posts and pages. |
wp-admin/includes/template.php: meta_form() | Prints the form in the Custom Fields meta box. |
wp-admin/includes/template.php: page_template_dropdown() | Print out option HTML elements for the page templates drop-down. |
wp-admin/includes/template.php: parent_dropdown() | Print out option HTML elements for the page parents drop-down. |
wp-admin/includes/template.php: do_accordion_sections() | Meta Box Accordion Template Function. |
wp-admin/includes/template.php: wp_popular_terms_checklist() | Retrieve a list of the most popular terms from the specified taxonomy. |
wp-admin/includes/template.php: wp_link_category_checklist() | Outputs a link category checklist element. |
wp-admin/includes/class-wp-users-list-table.php: WP_Users_List_Table::single_row() | Generate HTML for a single row on the users.php admin panel. |
wp-admin/includes/media.php: media_upload_type_form() | Outputs the legacy media upload form for a given media type. |
wp-admin/includes/media.php: media_upload_library_form() | Outputs the legacy media upload form for the media library. |
wp-admin/includes/media.php: attachment_submitbox_metadata() | Displays non-editable attachment metadata in the publish meta box. |
wp-admin/includes/media.php: get_media_item() | Retrieve HTML form for modifying the image attachment. |
wp-admin/includes/media.php: media_upload_form() | Outputs the legacy media upload form. |
wp-admin/includes/media.php: wp_media_upload_handler() | Handles the process of uploading media. |
wp-admin/includes/post.php: get_sample_permalink_html() | Returns the HTML of the sample permalink slug editor. |
wp-admin/includes/post.php: _wp_post_thumbnail_html() | Output HTML for the post thumbnail meta-box. |
wp-admin/includes/post.php: _admin_notice_post_locked() | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp-admin/includes/post.php: get_default_post_to_edit() | Default post information to use when populating the “Write Post” form. |
wp-admin/includes/ajax-actions.php: wp_ajax_wp_fullscreen_save_post() | Ajax handler for saving posts from the fullscreen editor. |
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save() | Ajax handler for Quick Edit saving a post from a list table. |
wp-admin/includes/ajax-actions.php: wp_ajax_find_posts() | Ajax handler for querying posts for the Find Posts modal. |
wp-admin/includes/ajax-actions.php: wp_ajax_add_link_category() | Ajax handler for adding a link category. |
wp-admin/includes/revision.php: wp_get_revision_ui_diff() | Get the revision UI diff. |
wp-admin/includes/meta-boxes.php: post_trackback_meta_box() | Display trackback links form fields. |
wp-admin/includes/meta-boxes.php: page_attributes_meta_box() | Display page attributes form fields. |
wp-admin/includes/meta-boxes.php: post_submit_meta_box() | Displays post submit form fields. |
wp-admin/includes/meta-boxes.php: post_format_meta_box() | Display post format form elements. |
wp-admin/includes/meta-boxes.php: post_categories_meta_box() | Display post categories form fields. |
wp-admin/includes/bookmark.php: edit_link() | Updates or inserts a link using values provided in $_POST. |
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_author() | |
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_response() | |
wp-admin/includes/class-walker-nav-menu-edit.php: Walker_Nav_Menu_Edit::start_el() | Start the element output. |
wp-admin/includes/class-walker-nav-menu-checklist.php: Walker_Nav_Menu_Checklist::start_el() | Start the element output. |
wp-admin/includes/nav-menu.php: wp_nav_menu_item_taxonomy_meta_box() | Displays a meta box for a taxonomy menu item. |
wp-admin/includes/file.php: request_filesystem_credentials() | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::inline_edit() | Outputs the hidden row displayed when inline editing |
wp-admin/includes/widgets.php: wp_list_widget_controls() | Show the widgets and their settings for a sidebar. |
wp-admin/includes/widgets.php: wp_widget_control() | Meta widget used to display the control form for a widget. |
wp-admin/includes/credits.php: _wp_credits_add_profile_link() | Retrieve the link to a contributor’s WordPress.org profile page. |
wp-admin/includes/credits.php: _wp_credits_build_object_link() | Retrieve the link to an external library used in WordPress. |
wp-admin/custom-header.php: Custom_Image_Header::step_1() | Display first step of custom header image page. |
wp-includes/category-template.php: wp_generate_tag_cloud() | Generates a tag cloud (heatmap) from provided data. |
wp-includes/l10n.php: esc_html__() | Retrieve the translation of $text and escapes it for safe use in HTML output. |
wp-includes/l10n.php: esc_html_e() | Display translated text that has been escaped for safe use in HTML output. |
wp-includes/l10n.php: esc_html_x() | Translate string with gettext context, and escapes it for safe use in HTML output. |
wp-includes/formatting.php: sanitize_option() | Sanitises various option values based on the nature of the option. |
wp-includes/formatting.php: wp_pre_kses_less_than_callback() | Callback function used by preg_replace. |
wp-includes/general-template.php: wp_login_form() | Provides a simple login form for use anywhere within WordPress. |
wp-includes/deprecated.php: wp_specialchars() | Legacy escaping for HTML blocks. |
wp-includes/deprecated.php: the_content_rss() | Display the post content for the feed. |
wp-includes/class-wp-theme.php: WP_Theme::markup_header() | Mark up a theme header. |
wp-includes/class-wp-theme.php: WP_Theme::__construct() | Constructor for WP_Theme. |
wp-includes/functions.php: wp_timezone_choice() | Gives a nicely-formatted list of timezone strings. |
wp-includes/functions.php: wp_nonce_url() | Retrieve URL with nonce added to URL query. |
wp-includes/functions.php: wp_upload_dir() | Get an array containing the current upload directory’s path and url. |
wp-includes/widgets/class-wp-nav-menu-widget.php: WP_Nav_Menu_Widget::form() | Outputs the settings form for the Navigation Menu widget. |
wp-includes/widgets/class-wp-widget-rss.php: WP_Widget_RSS::widget() | Outputs the content for the current RSS widget instance. |
wp-includes/widgets.php: wp_widget_rss_output() | Display the RSS entries in a list. |
wp-includes/class-wp-embed.php: WP_Embed::maybe_make_link() | Conditionally makes a hyperlink based on an internal class variable. |
wp-includes/taxonomy.php: sanitize_term_field() | Cleanse the field value in the term based on the context. |
wp-includes/update.php: wp_version_check() | Check WordPress version against the newest version. |
wp-includes/class-oembed.php: WP_oEmbed::data2html() | Converts a data object from WP_oEmbed::fetch() and returns the HTML. |
wp-includes/admin-bar.php: wp_admin_bar_site_menu() | Add the “Site Name” menu. |
wp-includes/option.php: wp_protect_special_option() | Protect WordPress special option from being modified. |
wp-includes/user.php: wp_dropdown_users() | Create dropdown HTML content of users. |
wp-includes/user.php: sanitize_user_field() | Sanitize user field based on context. |
wp-includes/class-walker-page-dropdown.php: Walker_PageDropdown::start_el() | Starts the element output. |
wp-includes/post-template.php: wp_get_attachment_link() | Retrieve an attachment page link using an image or icon, if possible. |
wp-includes/media.php: wp_video_shortcode() | Builds the Video shortcode output. |
wp-includes/media.php: wp_audio_shortcode() | Builds the Audio shortcode output. |
wp-includes/ms-functions.php: wpmu_welcome_user_notification() | Notify a user that their account activation has been successful. |
wp-includes/ms-functions.php: wpmu_welcome_notification() | Notify a user that their blog activation has been successful. |
wp-includes/ms-functions.php: wpmu_signup_blog_notification() | Send a confirmation request email to a user when they sign up for a new site. The new site will not become active until the confirmation link is clicked. |
wp-includes/ms-functions.php: wpmu_signup_user_notification() | Send a confirmation request email to a user when they sign up for a new user account (without signing up for a site at the same time). The user account will not become active until the confirmation link is clicked. |
wp-includes/bookmark.php: sanitize_bookmark_field() | Sanitizes a bookmark field. |
wp-includes/ms-deprecated.php: wpmu_admin_do_redirect() | Redirect a user based on $_GET or $_POST arguments. |
wp-includes/nav-menu.php: wp_update_nav_menu_object() | Save the properties of a menu or create a new menu with those properties. |
wp-includes/rss.php: wp_rss() | Display all RSS items in a HTML ordered list. |
wp-includes/rss.php: get_rss() | Display RSS items in HTML list items. |
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::pingback_ping() | Retrieves a pingback and registers it. |
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::mw_getCategories() | Retrieve the list of categories on a given blog. |
wp-includes/class-wp-xmlrpc-server.php: wp_xmlrpc_server::wp_getTags() | Get list of all tags |
wp-includes/class-wp-customize-control.php: WP_Customize_Control::render_content() | Render the control’s content. |
wp-includes/widgets.php: wp_widget_description() | Retrieve description for widget. |
wp-includes/comment-template.php: get_cancel_comment_reply_link() | Retrieve HTML content for cancel comment reply link. |
wp-includes/comment-template.php: get_comment_author_email_link() | Return the html email link to the author of the current comment. |
wp-includes/comment-template.php: comment_author_IP() | Display the IP address of the author of the current comment. |
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::output_widget_control_templates() | Renders the widget form control templates into the DOM. |
wp-includes/class-wp-editor.php: _WP_Editors::wp_link_query() | Performs post queries for internal linking. |
wp-includes/media-template.php: wp_print_media_templates() | Prints the templates used in the media manager. |
User Contributed Notes
Examples
$html now contains this:
which would be displayed in an HTML document as:
<a href="http://www.example.com/">A link</a>
Instead of like this:
A link
Note that esc_html will attempt to avoid double-encoding. Take this code: This will print A & B instead of A &amp; B.
After using esc_html() on your example string you would have: