esc_js( string $text )

Escape single quotes, htmlspecialchar ” &, and fix line endings.

Description

Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example onclick="…"). Note that the strings have to be in single quotes. The ‘js_escape’ filter is also applied here.

Parameters

$text: (string) (Required) The text to be escaped.

Return

(string) Escaped text.

More Information

See Data Validation for more information on escaping and sanitization.

Source

File: wp-includes/formatting.php

function esc_js( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
	$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
	$safe_text = str_replace( "\r", '', $safe_text );
	$safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
	/**
	 * Filters a string cleaned and escaped for output in JavaScript.
	 *
	 * Text passed to esc_js() is stripped of invalid or special characters,
	 * and properly slashed for output.
	 *
	 * @since 2.0.6
	 *
	 * @param string $safe_text The text after it has been escaped.
	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'js_escape', $safe_text, $text );
}

Uses

Uses	Description
wp-includes/formatting.php: js_escape	Filters a string cleaned and escaped for output in JavaScript.
wp-includes/formatting.php: wp_check_invalid_utf8()	Checks for invalid UTF8 in a string.
wp-includes/formatting.php: _wp_specialchars()	Converts a number of special characters into their HTML entities.
wp-includes/plugin.php: apply_filters()	Calls the callback functions that have been added to a filter hook.

Used By

Used By	Description
wp-admin/includes/class-wp-links-list-table.php: WP_Links_List_Table::handle_row_actions()	Generates and displays row action links.
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::before()
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::after()
wp-admin/includes/class-bulk-upgrader-skin.php: Bulk_Upgrader_Skin::error()
wp-admin/includes/ms.php: _thickbox_path_admin_subfolder()	Thickbox image paths for Network Admin.
wp-admin/includes/image-edit.php: wp_save_image()	Saves image to post, along with enqueued changes in `$_REQUEST['history']`.
wp-admin/includes/template.php: iframe_header()	Generic Iframe header for use with Thickbox
wp-admin/includes/class-wp-themes-list-table.php: WP_Themes_List_Table::display_rows()
wp-admin/includes/media.php: wp_iframe()	Outputs the iframe to display the media upload page.
wp-admin/includes/meta-boxes.php: link_submit_meta_box()	Display link create form fields.
wp-admin/includes/class-custom-image-header.php: Custom_Image_Header::js_1()	Display JavaScript based on Step 1 and 3.
wp-admin/update-core.php: dismissed_updates()	Display dismissed updates.
wp-includes/deprecated.php: js_escape()	Escape single quotes, specialchar double quotes, and fix line endings.
wp-includes/widgets/class-wp-widget-categories.php: WP_Widget_Categories::widget()	Outputs the content for the current Categories widget instance.
wp-includes/widgets/class-wp-widget-archives.php: WP_Widget_Archives::widget()	Outputs the content for the current Archives widget instance.
wp-includes/taxonomy.php: sanitize_term_field()	Cleanse the field value in the term based on the context.
wp-includes/class-wp-admin-bar.php: WP_Admin_Bar::_render_item()
wp-includes/user.php: sanitize_user_field()	Sanitize user field based on context.
wp-includes/media.php: wp_playlist_scripts()	Outputs and enqueue default scripts and styles for playlists.
wp-includes/post.php: sanitize_post_field()	Sanitizes a post field based on context.
wp-includes/bookmark.php: sanitize_bookmark_field()	Sanitizes a bookmark field.
wp-includes/media-template.php: wp_print_media_templates()	Prints the templates used in the media manager.

Changelog

Version	Description
2.8.0	Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/esc_js