WordPress at a glance
Home Functions Formatting Sanitizing, Escaping

Sanitizing, Escaping (category)

esc_attr()

Escaping for HTML attributes. Converts <, >, &, ", ' characters to HTML entities. Does not make double escaping.

esc_html()

Escaping for HTML blocks. Converts &lt;, &gt;, &, ", ' characters to HTML entities.

esc_js()

Escapes string for save use in JavaScript. Escape single quotes, htmlspecialchar " < > &, and fix line endings.

esc_textarea()

Escaping text / string for use in html textarea tag.

esc_url()

Cleans the URL for use in text, changes the wrong and removes the dangerous characters.

esc_url_raw()

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.

sanitize_email()

Strips out all characters that are not allowable in an email.

sanitize_file_name()

Sanitizes a filename, replacing whitespace with dashes.

sanitize_html_class()

Sanitizes an HTML classname to ensure it only contains valid characters.

sanitize_option()

Sanitises various option values based on the nature of the option.

sanitize_post_field()

Sanitize post field based on context.

sanitize_text_field()

Sanitizes a string from user input or from the database.

sanitize_textarea_field()

Sanitizes a multiline string from user input or from the database.

sanitize_title()

Sanitizes a title, or returns a fallback title.

sanitize_title_with_dashes()

Sanitizes a title, replacing whitespace and a few other characters with dashes.

tag_escape()

Escape an HTML tag name.

validate_file()

Validates a file name and path against an allowed set of rules.

wp_filter_kses()

Sanitize content with allowed HTML Kses rules.

wp_filter_nohtml_kses()

Strips all of the HTML tags in the given content. Receives a slashed string (content). Returns the cleared content.

wp_filter_post_kses()

Sanitize content for allowed HTML tags for post content.

wp_kses()

Filters content and keeps only allowable HTML elements.

wp_kses_data()

Sanitize content with allowed HTML Kses rules.

wp_strip_all_tags()

Properly strip all HTML tags including script and style