Encodes < > & ” ‘ (less than, greater than, ampersand, double quote,
single quote). Will never double encode entities.
Given that, arguably, both of those strings need sanitization. Imagine a site name like >> "My" Website's Great Title <<"
Also, since you are using this in Javascript, you should probably be using esc_js
instead.
The convention is, “understand how markup works, and how malicious hackers work, and act accordingly.” That is how you know how to use these functions. Also, Trust No One.
See also this article from our member Stephen Harris: Data Sanitization and Validation With WordPress