Escaping is only necessary when you do not have full control of the thing you are echoing. So as long as $folder is a variable that you have defined yourself, there’s no real need to escape. But if there is user input involved, there is esc_html, to be used as follows:
echo esc_html ("this input string contains a > character");
In this case, however, more drastic measures may be needed, because there can be no html tags at all inside option tags, so you add wp_strip_all_tags like this:
$folder = wp_strip_all_tags ($folder);
echo esc_html ("<option value=\"{$folder}\">{$folder}</option>");
UPDATE (thanks to Kero in the comments for noticing the error)
$folder = esc_html (wp_strip_all_tags ($folder));
echo "<option value=\"{$folder}\">{$folder}</option>";
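The difference between the first snippet and the updated one, shown side by side as an added example (not part of the original answer). The two small functions at the top are simplified stand-ins for WordPress's esc_html and wp_strip_all_tags so the script runs without WordPress loaded; the names option_escaped_whole and option_escaped_value and the sample inputs are made up for illustration.

```php
<?php
// Stand-ins so this runs outside WordPress (assumption: simplified versions;
// the real esc_html() and wp_strip_all_tags() do more than these).
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('wp_strip_all_tags')) {
    function wp_strip_all_tags($text) {
        // Drop script/style blocks with their content, then any remaining tags.
        $text = preg_replace('@<(script|style)[^>]*?>.*?</\1>@si', '', (string) $text);
        return trim(strip_tags($text));
    }
}

// First version from the answer: the finished markup is escaped,
// so the <option> tag itself is turned into visible text.
function option_escaped_whole($folder) {
    $folder = wp_strip_all_tags($folder);
    return esc_html("<option value=\"{$folder}\">{$folder}</option>");
}

// Updated version from the answer: only the value is escaped,
// then the markup is built around it.
function option_escaped_value($folder) {
    $folder = esc_html(wp_strip_all_tags($folder));
    return "<option value=\"{$folder}\">{$folder}</option>";
}

// Constructed sample inputs: a plain name, one with markup and an
// ampersand, and one containing a double quote.
$samples = array('uploads', '<b>2024</b> & archive', 'docs" selected="selected');

foreach ($samples as $folder) {
    echo "input:  {$folder}\n";
    echo "whole:  " . option_escaped_whole($folder) . "\n";
    echo "value:  " . option_escaped_value($folder) . "\n\n";
}
```

In the "whole" lines the option tag comes out as &lt;option ...&gt; and never renders as a form element; in the "value" lines the tag is intact and the quote in the third sample is emitted as &quot;, so it stays inside the value attribute.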