Define WordPress esc_url, Secure your static url

Posted by DESIGNUX | February 20, 2016 | in : Wordpress

Escape functions such as esc_url() protect against attacks and unexpected characters. Among other things, they remove invalid characters, remove dangerous characters, and encode characters as HTML entities. Keep in mind that untrusted data does not come only from users; it can also come from values saved in your own database.

As a general rule in WordPress, use the escape functions whenever any part of the URL is not generated by WordPress functions. If the entire URL is generated only by WordPress functions, the escape functions are not necessary.




(string) (Required) The URL to be cleaned.


(array) (Optional) An array of acceptable protocols. Defaults to the return value of wp_allowed_protocols().

Default value: null


(string) (Optional) Private. Use esc_url_raw() for database usage.

Default value: 'display'

ESC_URL: WordPress Function
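
The following is an added example, not code from the original post: it shows a URL stored in the database being cleaned with esc_url_raw() on save and escaped again with esc_url() on output, with the protocol list narrowed to http and https. It assumes it runs inside WordPress (for instance from a theme's functions.php); the `example_` function names, the `example_partner_url` meta key and the `example` text domain are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded; names prefixed "example_" are hypothetical.

// Protocols accepted for this one field: narrower than wp_allowed_protocols().
function example_partner_protocols() {
    return array( 'http', 'https' );
}

// Saving: esc_url_raw() cleans the URL for storage without HTML-entity encoding.
function example_save_partner_url( $post_id, $submitted_url ) {
    $clean = esc_url_raw( $submitted_url, example_partner_protocols() );

    // A URL whose protocol is not in the list comes back as an empty string.
    if ( '' === $clean ) {
        delete_post_meta( $post_id, 'example_partner_url' );
        return false;
    }

    update_post_meta( $post_id, 'example_partner_url', $clean );
    return true;
}

// Output: the stored value is still untrusted (it may have been written by
// another plugin, an import, or an older version of the site), so escape it
// again at the point where it is printed.
function example_partner_link( $post_id ) {
    $stored = get_post_meta( $post_id, 'example_partner_url', true );
    $href   = esc_url( $stored, example_partner_protocols() );

    // Nothing usable: print no link at all rather than an empty href.
    if ( '' === $href ) {
        return '';
    }

    return '<a href="' . $href . '" rel="noopener noreferrer">'
        . esc_html__( 'Visit partner', 'example' )
        . '</a>';
}
```

In a template, `echo example_partner_link( get_the_ID() );` prints the link only when the stored URL survives escaping.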


