Title: escaping – Make WordPress Core

---

#  Tag Archives: escaping

 [  ](https://profiles.wordpress.org/markjaquith/) [Mark Jaquith](https://profiles.wordpress.org/markjaquith/)
4:54 pm _on_ May 18, 2009     
Tags: [API ( 14 )](https://make.wordpress.org/core/tag/api/),
escaping, esc_url_raw, [security ( 18 )](https://make.wordpress.org/core/tag/security/)

# 󠀁[Deprecated clean_url() in favor of esc_u…](https://make.wordpress.org/core/2009/05/18/deprecated-clean_url-in-favor-of-esc_u/)󠁿

Deprecated `clean_url()` in favor of `esc_url()`, and deprecated `sanitize_url()`
in favor of `esc_url_raw()`.

[#api](https://make.wordpress.org/core/tag/api/), [#escaping](https://make.wordpress.org/core/tag/escaping/),
[#esc_url_raw](https://make.wordpress.org/core/tag/esc_url_raw/), [#security](https://make.wordpress.org/core/tag/security/)

 [  ](https://profiles.wordpress.org/markjaquith/) [Mark Jaquith](https://profiles.wordpress.org/markjaquith/)
3:13 pm _on_ May 18, 2009     
Tags: [API ( 14 )](https://make.wordpress.org/core/tag/api/),
escaping, [security ( 18 )](https://make.wordpress.org/core/tag/security/)   

# 󠀁[Deprecated wp_specialchars() in favor of…](https://make.wordpress.org/core/2009/05/18/deprecated-wp_specialchars-in-favor-of/)󠁿

Deprecated `wp_specialchars()` in favor of `esc_html()` (also: `esc_html__()` and`
esc_html_e()`). Using `wp_specialchars()` with more than one param works for backwards
compat. Also, `esc_html()` (or `wp_specialchars()` with one param) escapes quotes,
just like `esc_attr()`. This buys security for pluginPlugin A plugin is a piece 
of software containing a group of functions that can be added to a WordPress website.
They can extend functionality or add new features to your WordPress websites. WordPress
plugins are written in the PHP programming language and integrate seamlessly with
WordPress. These can be free in the WordPress.org Plugin Directory [https://wordpress.org/plugins/](https://wordpress.org/plugins/)
or can be cost-based plugin from a third-party. authors who were mistakenly using
a one-param `wp_specialchars()` call in an HTMLHTML HyperText Markup Language. The
semantic scripting language primarily used for outputting content in web browsers.
attribute. See [this wp-hackers message](http://comox.textdrive.com/pipermail/wp-hackers/2009-May/026242.html)
for more detail.

[#api](https://make.wordpress.org/core/tag/api/), [#escaping](https://make.wordpress.org/core/tag/escaping/),
[#security](https://make.wordpress.org/core/tag/security/)

 [  ](https://profiles.wordpress.org/markjaquith/) [Mark Jaquith](https://profiles.wordpress.org/markjaquith/)
9:16 pm _on_ May 5, 2009     
Tags: [API ( 14 )](https://make.wordpress.org/core/tag/api/),
escaping, [security ( 18 )](https://make.wordpress.org/core/tag/security/)   

# 󠀁[Standardizing and shortening the WP secu…](https://make.wordpress.org/core/2009/05/05/standardizing-and-shortening-the-wp-secu/)󠁿

Standardizing and shortening the WP security escaping functions.

`attribute_escape()` is now `esc_attr()`

Additionally, you can do attribute escaping and translationtranslation The process(
or result) of changing text, words, and display formatting to support another language.
Also see [localization](https://make.wordpress.org/core/tag/escaping/?output_format=md#l10n),
[internationalization](https://make.wordpress.org/core/tag/escaping/?output_format=md#i18n).
in one go. Just add the translation function to the end. Like so:

 * `esc_attr__()` — translate and return, attribute-escaped.
 * `esc_attr_e()` — translate and echo, attribute-escaped.

Will be following up with `esc_html` (with `__()` and `_e()` variants), `esc_url()`,
maybe some more. Will be nice, short, predictable, and allow you do translate/escape
in one go without a lot of nested parenthesis.

[#api](https://make.wordpress.org/core/tag/api/), [#escaping](https://make.wordpress.org/core/tag/escaping/),
[#security](https://make.wordpress.org/core/tag/security/)