esc_js() - Escape single quotes, htmlspecialchar " < > &, and fix line endings.

esc_js() – Escape single quotes, htmlspecialchar " < > &, and fix line endings.

You appear to be a bot. Output may be restricted

Description

Escapes single quotes, `"`, `<`, `>`, `&`, and fixes line endings.

Escapes text strings for echoing in JS. It is intended to be used for inline JS (in a tag attribute, for example `onclick="…"`). Note that the strings have to be in single quotes. The js_escape filter is also applied here.

Usage

$string = esc_js( $text );

Parameters

$text: ( string ) required – The text to be escaped.

Returns

string Escaped text.

Source

File name: wordpress/wp-includes/formatting.php
Lines:

1 to 19 of 19

function esc_js( $text ) {
  $safe_text = wp_check_invalid_utf8( $text );
  $safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
  $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
  $safe_text = str_replace( "\r", '', $safe_text );
  $safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
  
/**
 * Filters a string cleaned and escaped for output in JavaScript.
 *
 * Text passed to esc_js() is stripped of invalid or special characters,
 * and properly slashed for output.
 *
 * @since 2.0.6
 *
 * @param string $safe_text The text after it has been escaped.
 * @param string $text      The text prior to being escaped.
 */
  return apply_filters( 'js_escape', $safe_text, $text );
}

View on GitHub View on Trac