esc_js( string $text )

Escape single quotes, htmlspecialchar ” < > &, and fix line endings.

Description

Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example onclick="…"). Note that the strings have to be in single quotes. The ‘js_escape’ filter is also applied here.

Parameters

$text: (string) (Required) The text to be escaped.

Return

(string) Escaped text.

Source

File: wp-includes/formatting.php

function esc_js( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
	$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
	$safe_text = str_replace( "\r", '', $safe_text );
	$safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
	/**
	 * Filters a string cleaned and escaped for output in JavaScript.
	 *
	 * Text passed to esc_js() is stripped of invalid or special characters,
	 * and properly slashed for output.
	 *
	 * @since WP-2.0.6
	 *
	 * @param string $safe_text The text after it has been escaped.
 	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'js_escape', $safe_text, $text );
}

Expand Source Code View on GitHub

Uses

Uses
Uses	Description
wp-includes/plugin.php: apply_filters()	Call the functions added to a filter hook.
wp-includes/formatting.php: js_escape	Filters a string cleaned and escaped for output in JavaScript.
wp-includes/formatting.php: wp_check_invalid_utf8()	Checks for invalid UTF8 in a string.
wp-includes/formatting.php: _wp_specialchars()	Converts a number of special characters into their HTML entities.

Used By

Used By
Used By	Description
wp-includes/deprecated.php: js_escape()	Escape single quotes, specialchar double quotes, and fix line endings.
wp-includes/widgets/class-wp-widget-categories.php: WP_Widget_Categories::widget()	Outputs the content for the current Categories widget instance.
wp-includes/media.php: wp_playlist_scripts()	Outputs and enqueue default scripts and styles for playlists.
wp-includes/media-template.php: wp_print_media_templates()	Prints the templates used in the media manager.
wp-includes/bookmark.php: sanitize_bookmark_field()	Sanitizes a bookmark field.
wp-includes/class-wp-admin-bar.php: WP_Admin_Bar::_render_item()
wp-includes/user.php: sanitize_user_field()	Sanitize user field based on context.
wp-includes/post.php: sanitize_post_field()	Sanitize post field based on context.
wp-includes/taxonomy.php: sanitize_term_field()	Cleanse the field value in the term based on the context.
wp-admin/custom-header.php: Custom_Image_Header::js_1()	Display JavaScript based on Step 1 and 3.
wp-admin/update-core.php: dismissed_updates()
wp-admin/includes/media.php: wp_iframe()	Adds the iframe to display content for the media upload page
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::error()
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::before()
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::after()
wp-admin/includes/template.php: iframe_header()	Generic Iframe header for use with Thickbox
wp-admin/includes/image-edit.php: wp_save_image()	Saves image to post along with enqueued changes in $_REQUEST[‘history’]
wp-admin/includes/class-wp-links-list-table.php: WP_Links_List_Table::handle_row_actions()	Generates and displays row action links.
wp-admin/includes/meta-boxes.php: link_submit_meta_box()	Display link create form fields.
wp-admin/includes/class-wp-themes-list-table.php: WP_Themes_List_Table::display_rows()
wp-admin/includes/ms.php: _thickbox_path_admin_subfolder()	Thickbox image paths for Network Admin.

Show 16 more used by Hide more used by

Changelog

Changelog
Version	Description
WP-2.8.0	Introduced.