esc_html__


The esc_html__() function is a WordPress function that escapes a string of text so that it can be safely used in HTML output. It is typically applied to text that may contain HTML tags, special characters or other potentially harmful content.

The double underscore in the function name indicates that this is a translation function, which means that it is used to translate text strings into different languages.

The esc_html__() function takes a single argument: the text string that needs to be escaped. It returns the escaped string, which is safe to use in HTML output.

It’s important to note that this function is primarily used to prevent cross-site scripting (XSS) attacks, which occur when malicious code is injected into a website through user input. By escaping user input using esc_html__(), you can prevent these attacks and keep your website secure.

Here is an example usage code for esc_html__():

<?php
// Example usage of esc_html__() (runs inside WordPress, where the function is defined).
$untrusted_input = '<script>alert("Hello World!");</script>';
// Returns the string with the HTML-significant characters converted to entities.
$trusted_output = esc_html__($untrusted_input);
echo $trusted_output;
?>

In this example, we have an untrusted input string that contains a script tag. By passing this string through esc_html__(), we are able to escape the script tag and prevent it from being executed when the output is displayed in the browser.

The output of this code will be:

&lt;script&gt;alert(&quot;Hello World!&quot;);&lt;/script&gt;

As you can see, the characters that make up the script tag have been replaced with HTML entities, so the browser renders them as literal text instead of executing them, which makes the string safe to use in HTML output.
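The following is an added example (not code from the original page or from WordPress core) that places a vulnerable output path beside its escaped counterpart. In core, esc_html__() passes the string through translate() and then esc_html(); here esc_html__() is used for the developer-authored, translatable label and esc_html() for the runtime value. The text domain 'my-plugin' is assumed, and the function_exists() stand-ins only approximate esc_html()'s ENT_QUOTES escaping so the file also runs with plain `php` outside WordPress.

```php
<?php
// Added example; inside WordPress the real esc_html()/esc_html__() are used.
// Outside WordPress, these stand-ins approximate esc_html()'s escaping of
// & < > " and ' so the script runs with the PHP CLI (assumption: no translation).
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_html__' ) ) {
    function esc_html__( $text, $domain = 'default' ) {
        // Core does esc_html( translate( $text, $domain ) ); no translation here.
        return esc_html( $text );
    }
}

// Vulnerable: the runtime value is concatenated into the HTML body unescaped,
// so the page's <script> payload would be executed by the browser.
function render_greeting_vulnerable( $name ) {
    return '<p>Hello, ' . $name . '</p>';
}

// Hardened: the static label goes through esc_html__() with a text domain
// (assumed 'my-plugin'); the runtime value goes through esc_html().
// Escaping happens once, at the point of output.
function render_greeting_safe( $name ) {
    return '<p>' . esc_html__( 'Hello,', 'my-plugin' ) . ' ' . esc_html( $name ) . '</p>';
}

// Constructed sample input reusing the payload from the page.
$untrusted = '<script>alert("Hello World!");</script>';
echo render_greeting_vulnerable( $untrusted ), "\n";
// <p>Hello, <script>alert("Hello World!");</script></p>
echo render_greeting_safe( $untrusted ), "\n";
// <p>Hello, &lt;script&gt;alert(&quot;Hello World!&quot;);&lt;/script&gt;</p>
```

Run with `php example.php`; the first line is what a browser would execute, the second is what it would display as text.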
