Define WordPress esc_url | wordpress website securityPosted by DESIGNUX | in : Wordpress
The escape functions like ( esc_url ) serve to protect against attacks and weird characters. Some of the things the functions do is remove invalid characters, remove dangerous characters, and encode characters as HTML entities. The problem is that untrusted data comes from not just users, but could come from things saved in your own database.
A general rule of wordpress, it is good to use the escape functions when any part of the URL is not generated by WordPress functions. If the entire URL is generated only by WordPress functions then the escape functions are not necessary.
<?php esc_url( $url, $protocols, $_context ); ?>
(string) (Required) The URL to be cleaned.
(array) (Optional) An array of acceptable protocols. Defaults to return value of wp_allowed_protocols()
Default value: null
(string) (Optional) Private. Use esc_url_raw() for database usage.
Default value: ‘display’
ESC_URL: WordPress Function