i am a little confused how to use escape function on a variable having html code in it. i have tried this
https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
but i could not figure it out.
here is my code:
$output="<p>";
$output .= '<label for="' . esc_attr( $this->get_field_id( 'title' ) ) . '">Title:</label>';
$output .= '<input type="text" class="widefat" id="' . esc_attr( $this->get_field_id( 'title' ) ) . '" name="' . esc_attr( $this->get_field_name( 'title' ) ) . '" value="' . esc_attr( $title ) . '"';
$output .= '</p>';
echo $output;
My question is how i can escape $output without losing html in it?
i am asking because i am submitting this code on themeforest. from where i have been rejected few times because of not escaping code. So now i think it is better to escape there variables. write?
thank you!
5 Answers
You are looking for wp_kses()
. https://developer.wordpress.org/reference/functions/wp_kses/
There are more helper functions like wp_kses_post()
and wp_kses_data()