esc()

Escape context specific output

esc(string $string, string $context = 'html'): string

Parameters

Name	Type	Default	Description
$stringrequired	`string`	no default value	Untrusted data
$context	`string`	`'html'`	Location of output (`html`, `attr`, `js`, `css`, `url` or `xml`)

string

Escaped data

<p><?= esc('untrusted data') ?></p>

<img alt="<?= esc($alt, 'attr') ?>" src="/your-image.jpg" />

<section style="--columns: <?= esc($columns, 'css')">
...
</section>

<script>
let yourVariable = "<?= esc($variable, 'js') ?>";

// ...
</script>

<iframe src="https://map.example.com/?lat=<?= esc($lat, 'url') ?>&lon=<?= esc($lon, 'url') ?>"></iframe>