Escaping for HTML attributes.
Parameters
$textstringrequired
Return
stringMore Information
Encodes the <, >, &, ” and ‘ (less than, greater than, ampersand, double quote and single quote) characters. Will never double encode entities.
Always use when escaping HTML attributes (especially form values) such as alt, value, title, etc. To escape the value of a translation use esc_attr__() instead; to escape, translate and echo, use esc_attr_e().
Source
function esc_attr( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
/**
* Filters a string cleaned and escaped for output in an HTML attribute.
*
* Text passed to esc_attr() is stripped of invalid or special characters
* before output.
*
* @since 2.0.6
*
* @param string $safe_text The text after it has been escaped.
* @param string $text The text prior to being escaped.
*/
return apply_filters( 'attribute_escape', $safe_text, $text );
}
Hooks
- apply_filters( ‘attribute_escape’,
string $safe_text ,string $text ) Filters a string cleaned and escaped for output in an HTML attribute.
Related
| Uses | Description |
|---|---|
wp_check_invalid_utf8()wp-includes/formatting.php | Checks for invalid UTF8 in a string. |
_wp_specialchars()wp-includes/formatting.php | Converts a number of special characters into their HTML entities. |
apply_filters()wp-includes/plugin.php | Calls the callback functions that have been added to a filter hook. |
| Used by | Description |
|---|---|
WP_Script_Modules::print_script_module_preloads()wp-includes/class-wp-script-modules.php | Prints the the static dependencies of the enqueued script modules using link tags with rel=”modulepreload” attributes. |
WP_Plugin_Install_List_Table::get_more_details_link()wp-admin/includes/class-wp-plugin-install-list-table.php | Creates a ‘More details’ link for the plugin. |
wp_get_plugin_action_button()wp-admin/includes/plugin-install.php | Gets the markup for the plugin install action button. |
WP_Plugins_List_Table::get_view_details_link()wp-admin/includes/class-wp-plugins-list-table.php | Returns a ‘View details’ link for the plugin. |
wp_get_admin_notice()wp-includes/functions.php | Creates and returns the markup for an admin notice. |
Walker_Nav_Menu::build_atts()wp-includes/class-walker-nav-menu.php | Builds a string of HTML attributes from an array of key/value pairs. |
WP_Duotone::get_filter_svg()wp-includes/class-wp-duotone.php | Gets the SVG for the duotone filter definition. |
_make_clickable_rel_attr()wp-includes/formatting.php | Helper function used to build the “rel” attribute for a URL when creating an anchor using make_clickable() . |
wp_img_tag_add_decoding_attr()wp-includes/deprecated.php | Adds |
wp_preload_resources()wp-includes/general-template.php | Prints resource preloads directives to browsers. |
wp_list_users()wp-includes/user.php | Lists all the users of the site, with several options available. |
wp_robots()wp-includes/robots-template.php | Displays the robots meta tag as necessary. |
wp_sanitize_script_attributes()wp-includes/script-loader.php | Sanitizes an attributes array into an attributes string to be placed inside a |
get_block_wrapper_attributes()wp-includes/class-wp-block-supports.php | Generates a string of attributes by applying to the current block being rendered all of the features that the block supports. |
WP_Application_Passwords_List_Table::column_revoke()wp-admin/includes/class-wp-application-passwords-list-table.php | Handles the revoke column output. |
WP_Application_Passwords_List_Table::display_tablenav()wp-admin/includes/class-wp-application-passwords-list-table.php | Generates custom table navigation to prevent conflicting nonces. |
WP_Application_Passwords_List_Table::single_row()wp-admin/includes/class-wp-application-passwords-list-table.php | Generates content for a single row of the table. |
WP_Application_Passwords_List_Table::print_js_template_row()wp-admin/includes/class-wp-application-passwords-list-table.php | Prints the JavaScript template for the new row item. |
WP_Comments_List_Table::comment_type_dropdown()wp-admin/includes/class-wp-comments-list-table.php | Displays a comment type drop-down for filtering on the Comments list table. |
wp_img_tag_add_loading_attr()wp-includes/deprecated.php | Adds |
wp_admin_viewport_meta()wp-admin/includes/misc.php | Displays the viewport meta in the admin. |
wp_rel_callback()wp-includes/formatting.php | Callback to add a rel attribute to HTML A element. |
wp_credits_section_list()wp-admin/includes/credits.php | Displays a list of contributors for a given group. |
WP_Privacy_Data_Removal_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Actions column. |
WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Next steps column. |
WP_Privacy_Data_Export_Requests_List_Table::column_email()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Actions column. |
WP_Privacy_Data_Export_Requests_List_Table::column_next_steps()wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Displays the next steps column. |
wp_filter_oembed_iframe_title_attribute()wp-includes/embed.php | Filters the given oEmbed HTML to make sure iframes have a title attribute. |
WP_Site_Health::get_test_background_updates()wp-admin/includes/class-wp-site-health.php | Tests if WordPress can run automated background updates. |
WP_Posts_List_Table::formats_dropdown()wp-admin/includes/class-wp-posts-list-table.php | Displays a formats drop-down for filtering items. |
wp_targeted_link_rel_callback()wp-includes/formatting.php | Callback to add |
the_block_editor_meta_boxes()wp-admin/includes/post.php | Renders the meta boxes forms. |
the_block_editor_meta_box_post_form_hidden_fields()wp-admin/includes/post.php | Renders the hidden form required for the meta boxes form. |
wp_privacy_generate_personal_data_export_group_html()wp-admin/includes/privacy-tools.php | Generate a single group for the personal data export report. |
wp_privacy_generate_personal_data_export_file()wp-admin/includes/privacy-tools.php | Generate the personal data export file. |
WP_Privacy_Requests_Table::column_status()wp-admin/includes/class-wp-privacy-requests-table.php | Status column. |
WP_Privacy_Requests_Table::single_row()wp-admin/includes/class-wp-privacy-requests-table.php | Generates content for a single row of the table, |
WP_Privacy_Requests_Table::column_cb()wp-admin/includes/class-wp-privacy-requests-table.php | Returns the markup for the Checkbox column. |
WP_Widget_Text::is_legacy_instance()wp-includes/widgets/class-wp-widget-text.php | Determines whether a given instance is legacy and should bypass using TinyMCE. |
WP_Widget_Media_Gallery::render_control_template_scripts()wp-includes/widgets/class-wp-widget-media-gallery.php | Render form template scripts. |
WP_Widget_Custom_HTML::form()wp-includes/widgets/class-wp-widget-custom-html.php | Outputs the Custom HTML widget settings form. |
WP_Customize_Nav_Menu_Locations_Control::content_template()wp-includes/customize/class-wp-customize-nav-menu-locations-control.php | JS/Underscore template for the control UI. |
WP_Customize_Themes_Section::filter_drawer_content_template()wp-includes/customize/class-wp-customize-themes-section.php | Renders the filter drawer portion of a themes section as a JS template. |
wp_load_press_this()wp-admin/press-this.php | |
wp_print_plugin_file_tree()wp-admin/includes/misc.php | Outputs the formatted file list for the plugin file editor. |
wp_print_theme_file_tree()wp-admin/includes/misc.php | Outputs the formatted file list for the theme file editor. |
WP_Widget_Media::form()wp-includes/widgets/class-wp-widget-media.php | Outputs the settings update form. |
WP_Widget_Media::render_control_template_scripts()wp-includes/widgets/class-wp-widget-media.php | Render form template scripts. |
WP_Widget_Media_Image::render_media()wp-includes/widgets/class-wp-widget-media-image.php | Render the media on the frontend. |
WP_Widget_Media_Image::render_control_template_scripts()wp-includes/widgets/class-wp-widget-media-image.php | Render form template scripts. |
WP_Customize_Nav_Menus::print_post_type_container()wp-includes/class-wp-customize-nav-menus.php | Prints the markup for new menu items. |
WP_Customize_Background_Position_Control::content_template()wp-includes/customize/class-wp-customize-background-position-control.php | Render a JS template for the content of the position control. |
wp_resource_hints()wp-includes/general-template.php | Prints resource hints to browsers for pre-fetching, pre-rendering and pre-connecting to websites. |
network_edit_site_nav()wp-admin/includes/ms.php | Outputs the HTML for a network’s “Edit Site” tabular interface. |
WP_Plugins_List_Table::search_box()wp-admin/includes/class-wp-plugins-list-table.php | Displays the search box. |
WP_Customize_Widgets::filter_dynamic_sidebar_params()wp-includes/class-wp-customize-widgets.php | Inject selective refresh data attributes into widget container elements. |
get_post_embed_html()wp-includes/embed.php | Retrieves the embed code for a specific post. |
get_the_author_posts_link()wp-includes/author-template.php | Retrieves an HTML link to the author page of the current post’s author. |
WP_Posts_List_Table::get_edit_link()wp-admin/includes/class-wp-posts-list-table.php | Creates a link to edit.php with params. |
WP_Customize_Nav_Menu_Location_Control::render_content()wp-includes/customize/class-wp-customize-nav-menu-location-control.php | Render content just like a normal select control. |
WP_Customize_Panel::print_template()wp-includes/class-wp-customize-panel.php | Render the panel’s JS templates. |
get_language_attributes()wp-includes/general-template.php | Gets the language attributes for the ‘html’ tag. |
WP_Customize_Nav_Menus::filter_wp_nav_menu()wp-includes/class-wp-customize-nav-menus.php | Prepares wp_nav_menu() calls for partial refresh. |
WP_Customize_New_Menu_Section::render()wp-includes/customize/class-wp-customize-new-menu-section.php | Render the section, and the controls that have been added to it. |
WP_Posts_List_Table::handle_row_actions()wp-admin/includes/class-wp-posts-list-table.php | Generates and displays row action links. |
WP_Posts_List_Table::column_title()wp-admin/includes/class-wp-posts-list-table.php | Handles the title column output. |
WP_Links_List_Table::column_cb()wp-admin/includes/class-wp-links-list-table.php | Handles the checkbox column output. |
WP_Links_List_Table::column_name()wp-admin/includes/class-wp-links-list-table.php | Handles the link name column output. |
WP_MS_Themes_List_Table::column_name()wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the name column output. |
WP_MS_Themes_List_Table::column_description()wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the description column output. |
WP_MS_Themes_List_Table::column_cb()wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the checkbox column output. |
WP_MS_Sites_List_Table::column_cb()wp-admin/includes/class-wp-ms-sites-list-table.php | Handles the checkbox column output. |
WP_Terms_List_Table::handle_row_actions()wp-admin/includes/class-wp-terms-list-table.php | Generates and displays row action links. |
WP_MS_Users_List_Table::column_blogs()wp-admin/includes/class-wp-ms-users-list-table.php | Handles the sites column output. |
WP_MS_Users_List_Table::column_cb()wp-admin/includes/class-wp-ms-users-list-table.php | Handles the checkbox column output. |
WP_Media_List_Table::column_parent()wp-admin/includes/class-wp-media-list-table.php | Handles the parent column output. |
WP_Media_List_Table::column_title()wp-admin/includes/class-wp-media-list-table.php | Handles the title column output. |
| wp_kses_one_attr() |