Should I escape wordpress functions like the_title, the_excerpt, the_content

Escaping depends entirely on the context in which you are using the functions. What is safe for displaying inside <h1> tags is not necessarily safe to display as the value attribute of an input field, and even that wouldn't necessarily be safe as an href attribute value…

In short – perform the sanitisation yourself as you output it. Though in the case of the_title() or get_the_title(), esc_html is not necessary, since WordPress applies the following functions:

Note: the_title prints the title – so esc_html( the_title() ) won't work. Similarly, the_content prints the content (in any case, you'd expect the content to display HTML).
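The context-dependent escaping the answer describes, as an added example that is not part of the original post: the same post title output in three HTML contexts, each with the WordPress escaping function for that context, plus the the_title()/get_the_title() pitfall. It uses only real WordPress template functions and assumes it runs inside The Loop.

```php
<?php
// Added example (not from the original answer): one title, three output
// contexts, three different escaping functions. Assumes we are inside The Loop.

$title = get_the_title();   // returns the title (the_title() would print it)
$url   = get_permalink();   // permalink for the current post

// 1) Element content: esc_html() neutralises <, >, & and quotes so the title
//    cannot inject markup between the tags.
printf( '<h1>%s</h1>', esc_html( $title ) );

// 2) Attribute value: esc_attr() additionally guarantees quotes are encoded,
//    so the value cannot close the attribute and add new ones.
printf( '<input type="text" name="subject" value="%s">', esc_attr( $title ) );

// 3) URL attribute: esc_url() drops disallowed schemes (e.g. javascript:)
//    and percent-encodes what remains; the link text is still element content.
printf( '<a href="%s">%s</a>', esc_url( $url ), esc_html( $title ) );

// Pitfall from the answer: the_title() echoes and returns nothing, so this
// prints the raw title and then escapes an empty string. Use get_the_title().
// esc_html( the_title() );   // wrong

// Post content is expected to contain HTML, so esc_html() would break it.
// the_content() already applies the 'the_content' filters; to additionally
// restrict the markup to the post-safe allowlist, pass it through wp_kses_post().
echo wp_kses_post( apply_filters( 'the_content', get_the_content() ) );
```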
