When to use __() and esc_html_e

前端未结

关注

 2  1634

醉话见心 2021-02-04 07:55

Can anyone explain why I would use __() over esc_html_e()

__() esc_html_e

2条回答

忘了有多久 (楼主)

2021-02-04 08:12

__() is primarily for simple text that doesn't contain markup that needs to be escaped. It differs from _e() in that the former returns the translated text while the latter echoes the translated text.

esc_html_e() and esc_html__() are similar, but they are used for strings that do contain markup. They each escape the provided string, and then call on their corresponding _e() or __() counterparts depending on which one you use.

Escaping HTML is necessary if you're accepting strings provided from user input. XSS attacks are probably the most common types of attacks on sites that accept user input and render it on the page. An attacker can easily provide