Sanitizing, Escaping (category)

esc_attr()

Escaping for HTML attributes. Converts <, >, &, ", ' characters to HTML entities. Does not make double escaping.

esc_html()

Escaping for HTML blocks. Converts <, >, &, ", ' characters to HTML entities.

esc_js()

Escapes string for save use in JavaScript. Escape single quotes, htmlspecialchar " < > &, and fix line endings.

esc_textarea()

Escaping text / string for use in html textarea tag.

esc_url()

Cleans the URL for use in text, changes the wrong and removes the dangerous characters.

esc_url_raw()

Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display.

sanitize_email()

Strips out all characters that are not allowable in an email.

sanitize_file_name()

Sanitizes a filename, replacing whitespace with dashes.

sanitize_html_class()

Sanitizes an HTML classname to ensure it only contains valid characters.

sanitize_option()

Sanitises various option values based on the nature of the option.

sanitize_post_field()

Sanitize post field based on context.

sanitize_text_field()

Sanitizes the passed string leaving clean text: without HTML tags, line breaks, etc.

sanitize_textarea_field()

Sanitizes a multiline string from user input or from the database.

sanitize_title()

Sanitize the passed string (title) to use it as a slug (post_name). Or returns a fallback title.

sanitize_title_with_dashes()

Sanitizes a title, replacing whitespace and a few other characters with dashes.

tag_escape()

Escape an HTML tag name.

validate_file()

Validates a file name and path against an allowed set of rules.

wp_check_invalid_utf8()

Checks for invalid UTF8 in a string.

wp_filter_kses()

Sanitize content with allowed HTML Kses rules.

wp_filter_nohtml_kses()

Strips all of the HTML tags in the given content. Receives a slashed string (content). Returns the cleared content.

wp_filter_post_kses()

Sanitize content for allowed HTML tags for post content.

wp_kses()

Filters content and keeps only allowable HTML tags, their attributes, and attributes values.

wp_kses_data()

Sanitize content with allowed HTML Kses rules.

wp_strip_all_tags()

Removes all HTML tags from passed content. Script/Style tags removed with their content.

wp_targeted_link_rel()

Adds rel noreferrer and noopener to all HTML A elements that have a target.