Escaping/formatting Methods

Whenever developers collect data from a user and then output it, they must escape that data and then format it before printing it to a web page.

  • Escaping — This concerns the security and integrity of a web page. Data must be escaped so as not to interfere with the rendering of the page and to prevent malicious code from running.
  • Formatting — Formatting is about presenting text in the most faithful manner, depending on the context (for example, by turning prime marks, ', into apostrophes, , within a typical paragraph).

Why Use Thesis’ Escaping/formatting Methods?

Although WordPress provides functions for both escaping and formatting, these functions must always be applied separately to every piece of text developers output.

After a while, having to take two separate actions every time you want to accomplish one thing (like outputting text) becomes a tedious hassle. Even worse, developers must remember which functions to use in which contexts, and this becomes very exhausting in the long run!

To remedy this problem, Thesis includes a series of escaping/formatting methods that combine these two actions into a few easy-to-remember and easy-to-apply packages.

Thesis General API Escaping/formatting Methods

The following methods cover almost every escaping/formatting circumstance developers will encounter while working with both Thesis and WordPress.

To access any of these methods in your own code, you only need to include the $thesis object and then reference the API method(s) like so:

global $thesis;
$thesis->api->[method name]

ef($text)

Escape text and format it for use inside HTML attributes.

efh($text)

Escape text and format it for use between HTML tags (like <p> tags).

efa($text)

Escape text, format it, and allow basic HTML formatting tags, including links.

efn($text)

Escape text, format it, and allow basic HTML formatting tags except links.

ef0($text)

Escape text and format it, but do not allow any HTML tags.