WordPress Security Standards want me to escape my html, but how to do it correctly?

phpwordpresselementorcodesniffer


PHP Snippet 1:

$output = "<HTML>
    <form>
        <div>
            <label>$i_am</label>
            <input type='text' name='i_am' value='' />
        </div>
        <div>
            <label>$and_i_am_looking_for</label>
            <input type='text' name='and_i_am_looking_for' value='' />
        </div>
    </form>
</HTML>";

PHP Snippet 2:

echo wp_kses(
    $output,
    array(
        'form'  => array(),
        'div'   => array(),
        'label' => array(),
        'input' => array(
            'type',
            'name',
            'value',
        ),
    )
);

Related Snippets

PHP SoapClient: set a namespace without prefix

Smarty: undefined extension class 'Smarty_Internal_Method_Get_Template_Vars'

Get all WooCommerce products within own plugin

PHP using str_starts_with for array to exclude same as with wildcard

json_encode turns array into an object

How to add a sidebar to Woocommerce Shop Page?

Select option from dropdown menu with PHP and mySql

I need to link Google Sheet with my Laravel

Split array into 4-element chunks then implode into strings

how to use extended ASCII instead of unicode in PHP

Invalid value in field "itemtype" in Google Search Console

WordPress ACFNotice: get_field() - We've detected one or more calls to retrieve ACF field values before ACF has been initialized

Handling expired token in Laravel

VB.NET WebRequest with PHP POST

retrieve data from database using session