When is it definitely necessary or for good practice to use escaping functions?
For example, using esc_url(); with:
get_template_directory_uri();
get_permalink();
get_author_posts_url();
get_edit_post_link();
wp_get_attachment_url();
And esc_html(); with:
get_the_title();
get_the_author();
get_the_date();
get_search_query();
I also think that esc_html(); and esc_attr(); are very similar, aren't they? What are the differences?