When do I need to use esc_attr when using WordPress internal functions

You can look at the Codex.

Encodes < > & ” ‘ (less than, greater than, ampersand, double quote,
single quote). Will never double encode entities.

Given that, arguably, both of those strings need sanitization. Imagine a site name like >> "My" Website's Great Title <<"

Also, since you are using this in Javascript, you should probably be using esc_js instead.

The convention is, “understand how markup works, and how malicious hackers work, and act accordingly.” That is how you know how to use these functions. Also, Trust No One.

See also this article from our member Stephen Harris: Data Sanitization and Validation With WordPress

Related Posts:

  1. Sanitizing, Validating and Escaping in WordPress (Plugin)
  2. Escape when echoed
  3. Is Wrapping intval() Around esc_attr() Redundant for Escaping Input?
  4. How to be escape Variables and options when echo?
  5. How to change a user’s password programatically
  6. Who are the most trusted plugin developers? [closed]
  7. Get plugin_dir_url() from one level deep within plugin
  8. How to delete custom taxonomy terms in plugin’s uninstall.php?
  9. Redirect to settings page after install
  10. Multiple plugins vs combined one
  11. Can i create two tables at single time while installation of custom plugin?
  12. Using add_filter inside another class
  13. SESSION in WordPress Plugin Development
  14. WordPress plugin installation error
  15. How long does it take for a new plugin to be approved?
  16. WordPress Plugin as ‘Library’ From Abstract Application?
  17. Good tools for locating hooks in a wordpress page/admin interface/blog post?
  18. Detecting when a custom taxonomy has been changed and display alert?
  19. How can I get full attachment url from wp_get_attachment_metadata?
  20. How to make my plugin GDPR compatible?
  21. Why is the Settings API is not saving my array of options
  22. Override comments.php template with plugin
  23. Custom plugins/Manipulated plugins: Always a terrible idea to inherit these types of WP sites that discourage updates? [closed]
  24. Accessing GET variable named ‘error’
  25. Why is an action callback function from an instance of a class always invoking the same function from an instance?
  26. Demystifying and understanding shortcode nomenclature
  27. download_url() appears as grey icons
  28. How can I add an options page for my class based plugin?
  29. Sending WP posts to external API
  30. Issue with adding count to “subsubsub” aka quick links on custom_post_type
  31. Register Page Template from Plugin
  32. Private Plugin Updates – Localhost
  33. Any hook for pre-plugin-update -either bulk or single plugin update
  34. wp_create_nonce function doesn’t work inside a plugin?
  35. Making a plugin only available on the front-end for the logged in super admin
  36. When to load auto-login code?
  37. Creating a custom post type, adding custom meta fields, preventing all future editability of posts of this type
  38. Creating a Callback URL for WordPress Woocommerce to update Order Status
  39. How to replace WordPress Media Upload Window with user’s device window?
  40. How to delete custom taxonomy terms in plugin’s uninstall.php?
  41. How can i change the texts of plugin (created by me) in wordpress admin?
  42. Setup wp_schedule_event within a custom plugin
  43. WordPress : Explain Plugins & Theme string value in database
  44. modify plugin to support RTL
  45. execute function after one completed
  46. How can I run a custom shortcode function on a live site and only run if the viewer is a specific machine?
  47. Can I use register_settings and unregister_setting once the settings page has loaded?
  48. Bulk update wordpress posts
  49. How to automatically add edit link on frontpage post of any wordpress theme?
  50. Plugin function inside custom plugin
  51. Is there a plugin for automatically adding a word or symbol after a trigger word? I.e. Like a search and replace but more like search and add? [closed]
  52. Class or function wrapper for plugin code
  53. Licensing a Plugin [closed]
  54. Add a function call after content automatically?
  55. How to use add_action for multiple instances of the same class
  56. Plugin option default value
  57. How can i listing current category and Featured Category post list?
  58. Ajax request sends url rather than data
  59. How to displaying Custom image, text and default image logo from Redux Framework option panel
  60. Security of a WordPress Plugin
  61. Grouping imported products and showing variations based on selected product
  62. save_post_product action not firing
  63. How to get the custom field value using SQL query
  64. specific rows style for in custom list table using WP_List_Table
  65. How to add the search page link to the anchor tag?
  66. How to display the category name in the tab and post inside the tab in WordPress?
  67. How would I Redirect an existing WooCommerce customer to a specific url after Checkout
  68. Has blocks gutenberg block multiples registers type in my Plugin
  69. Ultimate Members Default Post Layout problem
  70. best way to upload a large file to wordpress using wp all import
  71. Why do actions with class and public method don’t fire __construct()
  72. How to define the slug for my custom plugin?
  73. Custom plugin settings page with tab. Error: “Sorry, you are not allowed to access this page.”
  74. return bbp_get_topic_author_id as integer
  75. Dynamic input fields in WordPress Plugin
  76. Is it possible to create duplicate post on other site (either push, on publish, or pull, periodically)?
  77. How to add a box note in wordpress plugin page ? top header side.
  78. Widget outputs the value but doesn’t save anything inside the textarea
  79. WordPress Widget: Is it possible to make the form dynamic without updating?
  80. Why some plugins are including wp-includes/plugin.php file?
  81. Change default url to plugin custom post type
  82. A more elegant way to handle notices/warnings
  83. Redirect default login page to a custom page [duplicate]
  84. appointment plugin doesn’t display all appointments
  85. Display_rows() and column_cb() strange behaviour
  86. WordPress plugin options need to delete after deactivate & uninstall
  87. How can I pass value to function in add_menu_page?
  88. Doing action based on input from options menu
  89. Making a Custom Post Type Publish Loop
  90. What are the downsides of using bootstrap in plugin development?
  91. How to generate a responsive output from plugin?
  92. The plugin generated xxx characters of unexpected output during activation
  93. How to hide a piece of code from a wordpress web page?
  94. How to dispaly post informations (such as titles) in an admin plugin menu page?
  95. Someone Comment 1000 times in a Day in My WordPress Site, What Can i Do
  96. Unable to pass arguments from plugin form to filter hook using ajax, the data is transferring via ajax but unable to pass as arguments in filter hooks
  97. How to update changes to multiple sites at the same time
  98. Why am I getting an error when requiring a file in my plugin?
  99. Running a function using Crown WordPress on one day a week, for example, Mondays of every week
  100. How to make a Template page to show the information of different things Shop and Product page?

Leave a Comment

techhipbettruvabetnorabahisbahis forumutaraftarium24edusedueduseduseduseduedueduseduedus