Whenever developers collect data from a user and then output it, they must escape that data and then format it before printing it to a web page.
- Escaping: This concerns the security and integrity of a web page. Data must be escaped so as not to interfere with the rendering of the page and to prevent malicious code from running.
- Formatting: Formatting is about presenting text in the most faithful manner, depending on the context (for example, by turning prime marks into apostrophes: ' → ’).
Why Use Thesis’ Escaping/formatting Methods?
Although WordPress provides functions for both escaping and formatting, these functions must always be applied separately to every piece of text developers output.
After a while, having to take two separate actions every time you want to accomplish one thing (like outputting text) becomes a tedious hassle. Even worse, developers must remember which functions to use in which contexts, and this becomes very exhausting in the long run!
To remedy this problem, Thesis includes a series of escaping/formatting methods that combine these two actions into a few easy-to-remember and easy-to-apply packages.
Thesis General API Escaping/formatting Methods
The following methods cover almost every escaping/formatting circumstance developers will encounter while working with both Thesis and WordPress.
To access any of these methods in your own code, you only need to include the global $thesis object and then reference the API method(s) like so:
global $thesis; $thesis->api->[method name]
ef($text)
Escape text and format it for use inside HTML attributes.
efh($text)
Escape text and format it for use between HTML tags (like <p> tags).
efa($text)
Escape text, format it, and allow basic HTML formatting tags, including links.
efn($text)
Escape text, format it, and allow basic HTML formatting tags except links.
ef0($text)
Escape text and format it, but do not allow any HTML tags.
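The following is an added usage example, not code from the Thesis documentation: a hypothetical function, hooked to WordPress' wp_footer action, that prints untrusted stored values in several output contexts and picks the method listed above for each one. The function name, the example_promo option and its array keys are assumptions, and the code needs WordPress with Thesis active.

```php
<?php
// Added example, not Thesis' own code. Requires WordPress with Thesis active.
// example_promo_box(), the 'example_promo' option and its keys are hypothetical.
function example_promo_box() {
	global $thesis;

	// Stored settings originate from user input, so treat every value as untrusted.
	$promo = wp_parse_args((array) get_option('example_promo', array()), array(
		'label'   => '', // plain text, printed inside an HTML attribute
		'title'   => '', // plain text, printed between tags
		'blurb'   => '', // may carry basic formatting tags and links
		'caption' => '', // may carry basic formatting tags, but no links
		'tagline' => '', // must not carry any HTML tags
	));

	if ($promo['title'] === '')
		return;

	// Attribute context: ef()
	echo '<div class="promo" title="' . $thesis->api->ef($promo['label']) . '">' . "\n";
	// Between HTML tags: efh()
	echo '<h3>' . $thesis->api->efh($promo['title']) . "</h3>\n";
	// Basic formatting tags allowed, including links: efa()
	echo '<p>' . $thesis->api->efa($promo['blurb']) . "</p>\n";
	// Basic formatting tags allowed, except links: efn()
	echo '<p class="caption">' . $thesis->api->efn($promo['caption']) . "</p>\n";
	// No HTML tags allowed: ef0()
	echo '<p class="tagline">' . $thesis->api->ef0($promo['tagline']) . "</p>\n";
	echo "</div>\n";
}
add_action('wp_footer', 'example_promo_box');
```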