Which WP functions do you need to use esc_html() or esc_url() on?
Any that return data. If a function outputs internally, then it’s taken responsibility for escaping if a function returns the data for use, it will be unescaped to avoid double escaping, it’s your responsibility This is because you should always late escape so that there is no doubt if a variable is escaped. If the … Read more