How to correctly escape an echo

Escaping is only necessary when you have no full control of the the thing you are echoing. So as long as $folder is a variable that you have defined yourself, there’s no real need to escape. But if there is user input involved, there is esc_html, to be used as follows:

echo esc_html ("this input string contains a > character");

In this case, however, more drastic measures may be needed, because there can be no html tags at all inside option tags, so you add wp_strip_all_tags like this:

$folder = wp_strip_all_tags ($folder);
echo esc_html ("<option value=\"{$folder}\">{$folder}</option>");

UPDATE (thanks to Kero in the comments for noticing the error)

$folder = esc_html (wp_strip_all_tags ($folder));
echo "<option value=\"{$folder}\">{$folder}</option>";

Related Posts:

  1. Escape when echoed
  2. Hiding WordPress Plugin Source Code
  3. echo cutom css code to WordPress page template file ? is this safe?
  4. Should I use spl_autoload_register() in my plugin?
  5. How can I save a multiple select array with the settings API for a plug-in options page?
  6. esc_attr() right way and use
  7. Using register_activation_hook in classes
  8. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  9. Is there a way for a plugin to add an attribute to the tag of a theme?
  10. Gutenberg Blocks doesn’t render correctly when using do_blocks
  11. Can I write ‘RewriteCond’ using ‘functions.php’?
  12. Resize Image without cropping
  13. My shortcode is showing up twice
  14. Database “Migration” for Plugins?
  15. Custom plugin issue when trying to use the shortcode twice on a page [closed]
  16. When is is_admin() available?
  17. Does wp-cron runs all tasks scheduled at same time together or one after other?
  18. When must I use and verify nonce?
  19. Sanitizing, Validating and Escaping in WordPress (Plugin)
  20. Making Quote Plugin more efficient
  21. How do I use the Simple HTML DOM Parser in plugin when other plugin already uses it?
  22. Will simple function names in a class structure conflict with other plugins?
  23. Instantiate class to be available to all plugin functions
  24. How to test nonce with AJAX – Plugin development
  25. WP nonce invalid
  26. How can i upload images in an admin page?
  27. How to access global variable $menu inside a class function
  28. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  29. Retrieve $_POST data submitted from external URL in WordPress(NOT API)
  30. How to upload a file to a folder named after the user_id via plugin
  31. Reprinting tags with all attributes
  32. developing a wordpress plugin, have a few PHP Woocommerce related coding questions
  33. Update results, Before deleting the related category [closed]
  34. adjust section according to country?
  35. Adding function to Genesis genesis_header [closed]
  36. How do I get around “Sorry, this file type is not permitted for security reasons”?
  37. how to update and display an option without reloading the page
  38. Security: blocking direct access of php files
  39. How to obtain the current website URL in my theme?
  40. What exactly do this function declared into functions.php file of a WP theme?
  41. Password minimum length in personal subscription [closed]
  42. How to use html inside a functions.php code?
  43. Plugin Generate Unexpected output during activation
  44. WordPress Environment: Dynamic Page using shortcode – how to change the page name for sharing
  45. Undefined method class::construct() when creating a plugin
  46. Hook called before text widget save
  47. zip unzip attachments in wordpress
  48. wpdb prepare insert table doesn’t work
  49. how to Update 15k products on plugin activation with meta_option
  50. Using admin-post.php for admin form but it directs me to admin-post.php white screen
  51. How can I display Custom Post type Custom Columns and its Content in a Dashboard Widget?
  52. Adding Additional Variables on Menus Page
  53. custom plugin with upload files does not work
  54. Using flickr api in custom wordpress plugin
  55. Toolbar Hidden in a Virtual Page
  56. What is the difference between Null vs Empty (Zero Length) string?
  57. send popup after wp_redirect()
  58. no_rest_route error on custom routes
  59. Payment field disappears on custom Paypal plugin
  60. Adding image upload in tag section – WordPress plugin development
  61. How to detect and handle the time difference between server and user in WordPress?
  62. How to Remove Theme Style CSS inside Custom Plugin?
  63. How to setup the Email piping in WordPress plugin?
  64. Creating plugin with front-end pages
  65. How to Send Pingbacks for all Posts in WordPress?
  66. I am having errors with checkout on wordpress
  67. Getting an error when my plugin is updated, but the files update correctly
  68. Creating a POP Alert
  69. WordPress Plugin Development – get_option error
  70. how to add new PHP page in WordPress plugin
  71. How can I get my WordPress plugin to receive data and relay it in an ajax/php request to a remote server that requires authentication?
  72. How can I update the price when someone enters postcode or zip code in woocommerce checkout page?
  73. 400 bad request admin-ajax file upload
  74. Constant expression contains invalid operations plugin class properties visibility
  75. get Woocommerce product format json for WP_Query
  76. Update user meta when an external link in admin notice is clicked
  77. Is there an option to execute javascript file only on plugin activation
  78. How do I remove an action hook inside a class that is called by another class?
  79. The plugin generated 225 characters of unexpected output during activation
  80. Input field duplicates on form submit by jQuery
  81. Ajax in a class instantiated via shortcode
  82. Parsing webhook from Shopify in WordPress
  83. Shortcode Works for Logged in Users but Not Working for Guest
  84. Submit to itself don’t work
  85. WordPress / PhpStorm / XDebug and plugin_dir_path issues
  86. Retrieve $_POST data to send to javascript without using localize script
  87. Gravity Forms Marketo Plugin Feed [closed]
  88. Send data from plugin to external database
  89. See output of a sql query while plugin installation in wordpress
  90. Why this plugin is not working?
  91. Permission error on plugin save
  92. How to execute add_action() function from custom plugin to Crontrol plugin or do_action()?
  93. display php code in header using wp_head()
  94. base64_encode conflict with convert_smilies in wordpress
  95. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  96. Login user into magento using wordpress account
  97. Customize create table SQL statement in any WordPress plugin
  98. esc_url, esc_url_raw or sanitize_url?
  99. wp_register_script – illegal string offset
  100. what to do after instlling cyberpanel on VPS