Sanitizing, Escaping (category)
| esc_attr() | Escaping for HTML attributes. Converts |
| esc_html() | Escaping for HTML blocks. Converts |
| esc_js() | Escapes string for save use in JavaScript. Escape single quotes, htmlspecialchar |
| esc_textarea() | Escaping text / string for use in html textarea tag. |
| esc_url() | Cleans a URL for use in text, fixes incorrect and removes unsafe characters. |
| esc_url_raw() | Cleans URL for use in database query, redirects, and HTTP requests. Not cleans for a safe display. |
| safecss_filter_attr() | Cleans CSS properties by removing unsafe and disallowed rules. |
| sanitize_email() | Cleans a string, leaving only characters allowed in an email address. |
| sanitize_file_name() | Sanitizes a file name, replacing spaces with '_' and removing invalid characters, etc. |
| sanitize_html_class() | Prepares text for use in the HTML class attribute: removes all unsuitable characters. |
| sanitize_option() | Sanitizes the given option value using the specified sanitization method. |
| sanitize_post_field() | Sanitizes the specified value of the specified post field. The sanitization level is specified by the $context parameter. |
| sanitize_text_field() | Sanitizes the passed string leaving clean text: without HTML tags, line breaks, etc. |
| sanitize_textarea_field() | Cleans a string passed from a textarea field (when saving to the database) or when retrieved from the database. |
| sanitize_title() | Cleans the given string (title) for use as a slug. |
| sanitize_title_with_dashes() | Cleans the title by replacing spaces with a hyphen |
| tag_escape() | Cleans an HTML tag name. Removes all characters except |
| validate_file() | Checks the given string to see if it is a valid file path (file name). If the check passes, it returns 0; if not, it returns: 1, 2, or 3. |
| wp_check_invalid_utf8() | Checks for the presence of invalid UTF8 characters in a string. |
| wp_filter_kses() | Cleans text, leaving only allowed HTML tags. Expects escaped data. |
| wp_filter_nohtml_kses() | Strips all of the HTML tags in the given content. Receives a slashed string (content). Returns the cleared content. |
| wp_filter_post_kses() | Cleans the content, leaving only allowed HTML tags and adds escaping slashes. |
| wp_kses() | Filters content and keeps only allowable HTML tags, their attributes, and attributes values. |
| wp_kses_data() | Cleans text, leaving only allowed HTML tags and their attributes. Expects unslashed text. |
| wp_strip_all_tags() | Removes all HTML tags from passed content. Script/Style tags removed with their content. |
| wp_targeted_link_rel() | Adds rel noopener to all <a target="..."> tags with the target attribute in the provided text. |