10.2 Output Escaping

Output escaping prevents cross-site scripting (XSS) attacks by ensuring that user-generated content cannot execute malicious scripts in browsers. We escape output as close to the display point as possible, using context-appropriate escaping functions.

WordPress provides escaping functions for different output contexts, and we use them consistently throughout our templates and admin interfaces.


Laravel’s Blade templating engine automatically escapes output by default, but we’re explicit about our escaping intentions and use unescaped output only when appropriate.

<a href=""></a>
<img src="" alt="">
<div class="content">{!! $post->content !!}</div>
<script>
    var postData = @json($post);
    var userName = @json($user->name);
</script>
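Why the escaping function has to match the output context, shown as an added example that is not Crowd Favorite's code and uses only PHP built-ins rather than the WordPress or Blade helpers. The function names and the sample input are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: context-specific escaping using only PHP built-ins.
// Function names and sample inputs are hypothetical, constructed for this demo.

// HTML text and quoted attribute values: encode & < > " and '.
// (WordPress counterparts: esc_html(), esc_attr(); Blade: {{ $value }}.)
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL attributes (href, src): HTML-encoding leaves "javascript:" untouched,
// so check the scheme first. This demo accepts absolute http(s) URLs only.
// (WordPress counterpart: esc_url().)
function escape_url(string $url): string
{
    if (preg_match('#\Ahttps?://#i', $url) !== 1) {
        return '';
    }
    return escape_html($url);
}

// Values placed inside <script>: JSON-encode and hex-escape < > & ' " so the
// data cannot close the script element or the surrounding string.
// (Blade's @json directive covers this context.)
function escape_js_value($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed hostile input.
$name = '"><script>alert(1)</script>';
$site = 'javascript:alert(1)';
$bio  = '</script><script>alert(1)</script>';

// Wrong context: HTML-encoding alone does not change a javascript: URL.
var_dump(escape_html($site) === $site);

// Right context for each sink.
printf("<p>%s</p>\n", escape_html($name));
printf("<a href=\"%s\">%s</a>\n", escape_url($site), escape_html($name));
printf("<script>var bio = %s;</script>\n", escape_js_value($bio));
```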

Copyright © 2025 Crowd Favorite. All rights reserved.
