esc_html()
and esc_textarea()
are, appropriate to their names, escaping functions and really meant for display rather than sanitizing or validating. I would use wp_kses()
or wp_kses_post()
(which is just wp_kses()
with the global $allowedposttags
) to sanitize input from a wp_editor()
field before saving.