esc_html()
WordPress function that escapes HTML entities in a string, preventing XSS when outputting text content.
How it works
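esc_html() converts the characters that have special meaning in HTML (<, >, &, and both quote characters) into HTML entities, so the string is displayed as text instead of being parsed as markup. This is what prevents XSS when outputting text content.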
In WordPress
Use esc_html() for any user-generated text in HTML. WP HealthKit autofix patchers wrap unescaped echo statements.
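An added example (not WP HealthKit's or WordPress core's code) showing an unescaped echo next to the same output wrapped in esc_html(). The stand-in definition, the function names render_unsafe() and render_safe(), and the sample value are assumptions made so the file runs outside WordPress.

```php
<?php
// Stand-in so this file runs outside WordPress. Inside WordPress the core
// esc_html() is already defined and this branch is skipped. The stand-in
// only approximates core behaviour (core also validates UTF-8 and runs filters).
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        // ENT_QUOTES encodes both quote characters; the final false keeps
        // entities that are already encoded from being encoded twice.
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
    }
}

// Constructed sample of user-generated text, e.g. a display name field.
$display_name = '<img src=x onerror=alert(1)> O\'Brien & "Co"';

// Before: the value is concatenated into the page as-is, so the browser
// parses whatever markup the user supplied.
function render_unsafe( $name ) {
    return '<p class="author">' . $name . '</p>';
}

// After: the value is escaped at the point of output, which is the change
// an "wrap the echo in esc_html()" fix makes.
function render_safe( $name ) {
    return '<p class="author">' . esc_html( $name ) . '</p>';
}

echo "unsafe: " . render_unsafe( $display_name ) . PHP_EOL;
echo "safe:   " . render_safe( $display_name ) . PHP_EOL;

// Simple check: after escaping, no raw tag opener from the input survives.
$escaped = esc_html( $display_name );
echo ( strpos( $escaped, '<' ) === false )
    ? "check: no raw '<' in escaped value" . PHP_EOL
    : "check: raw '<' still present" . PHP_EOL;
```

esc_html() is meant for text between tags; values placed in attributes or URLs have their own WordPress helpers (esc_attr(), esc_url()).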