Whenever developers collect data from a user and then output it, they must escape that data and then format it before printing it to a web page.
- Escaping — This concerns the security and integrity of a web page. Data must be escaped so as not to interfere with the rendering of the page and to prevent malicious code from running.
- Formatting — Formatting is about presenting text in the most faithful manner, depending on the context (for example, by turning prime marks, ', into apostrophes, ’, within a typical paragraph).
Why Use Thesis’ Escaping/formatting Methods?
Although WordPress provides functions for both escaping and formatting, these functions must always be applied separately to every piece of text developers output.
After a while, having to take two separate actions every time you want to accomplish one thing (like outputting text) becomes a tedious hassle. Even worse, developers must remember which functions to use in which contexts, and this becomes very exhausting in the long run!
To remedy this problem, Thesis includes a series of escaping/formatting methods that combine these two actions into a few easy-to-remember and easy-to-apply packages.
Thesis General API Escaping/formatting Methods
The following methods cover almost every escaping/formatting circumstance developers will encounter while working with both Thesis and WordPress.
To access any of these methods in your own code, you only need to include the $thesis object and then reference the API method(s) like so:
global $thesis; $thesis->api->[method name]
Escape text and format it for use inside HTML attributes.
Escape text and format it for use between HTML tags (like
Escape text, format it, and allow basic HTML formatting tags, including links.
Escape text, format it, and allow basic HTML formatting tags except links.
Escape text and format it, but do not allow any HTML tags.
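For comparison, here are the same output contexts handled with WordPress core functions alone, which is the separate escape-and-format work described earlier. This is an added example, not Thesis code: it assumes WordPress is loaded, and the example_* function names and the list of allowed tags are hypothetical.

```php
<?php
// Added illustration. Assumes WordPress is loaded (for example, from a theme's
// functions.php). The example_* names are hypothetical, not Thesis API methods.

// Tags permitted in the "basic HTML" contexts (an assumed list).
function example_basic_tags( $allow_links ) {
	$tags = array( 'em' => array(), 'strong' => array(), 'code' => array() );
	if ( $allow_links ) {
		// Only href and title survive; attributes such as onclick are dropped,
		// and wp_kses() also rejects URL schemes outside its allowed protocols.
		$tags['a'] = array( 'href' => true, 'title' => true );
	}
	return $tags;
}

// Inside an HTML attribute: format, then escape quotes, <, > and &.
function example_attr( $text ) {
	return esc_attr( wptexturize( $text ) );
}

// Between HTML tags: any markup in the input is shown as literal text.
function example_html( $text ) {
	return esc_html( wptexturize( $text ) );
}

// Basic formatting tags, with or without links: filter tags, then format.
function example_basic_html( $text, $allow_links = true ) {
	return wptexturize( wp_kses( $text, example_basic_tags( $allow_links ) ) );
}

// No HTML at all: remove tags (and script/style contents), format, escape.
function example_no_tags( $text ) {
	return esc_html( wptexturize( wp_strip_all_tags( $text ) ) );
}

// Constructed sample input: prime marks to format plus markup to neutralize.
$input = 'It\'s "new" <script>alert(1)</script> '
	. '<a href="https://example.com/" onclick="x()">a link</a> and <em>emphasis</em>';

printf( "<input type=\"text\" value=\"%s\">\n", example_attr( $input ) );
printf( "<p>%s</p>\n", example_html( $input ) );
printf( "<p>%s</p>\n", example_basic_html( $input, true ) );
printf( "<p>%s</p>\n", example_basic_html( $input, false ) );
printf( "<p>%s</p>\n", example_no_tags( $input ) );
```

Using the attribute helper between tags, or the tag-permitting helper inside an attribute, is the context mistake the page warns about: each function is only safe in the position it was written for.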