esc_js( string $text )
Escape single quotes, htmlspecialchar ” < > &, and fix line endings.
Description
Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example onclick="…"). Note that the strings have to be in single quotes. The ‘js_escape’ filter is also applied here.
Parameters
- $text
-
(Required) The text to be escaped.
Return
(string) Escaped text.
Source
File: wp-includes/formatting.php
function esc_js( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
$safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
$safe_text = str_replace( "\r", '', $safe_text );
$safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
/**
* Filters a string cleaned and escaped for output in JavaScript.
*
* Text passed to esc_js() is stripped of invalid or special characters,
* and properly slashed for output.
*
* @since WP-2.0.6
*
* @param string $safe_text The text after it has been escaped.
* @param string $text The text prior to being escaped.
*/
return apply_filters( 'js_escape', $safe_text, $text );
}
Changelog
Version | Description |
---|---|
WP-2.8.0 | Introduced. |