Last active
November 17, 2025 18:15
-
-
Save desrosj/47262ce682ff416d68f52dde37efbf2d to your computer and use it in GitHub Desktop.
Possible `esc_url()` code examples.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Recommended approach for defaulting to 'http' while maintaining backwards compatibility. | |
| * | |
| * Example: no protocol with $protocols and 'https' first. | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'https://profiles.wordpress.org' | |
| * - WordPress < 6.9: 'http://profiles.wordpress.org' | |
| */ | |
| echo esc_url( 'profiles.wordpress.org', array( 'https', 'http' ) ); | |
| /* | |
| * Example 1: no protocol included in $url. | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'http://profiles.wordpress.org' | |
| * - WordPress < 6.9: 'http://profiles.wordpress.org' | |
| */ | |
| echo esc_url( 'profiles.wordpress.org' ); | |
| /* | |
| * Example 2: 'http' protocol incldued in $url. | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'http://profiles.wordpress.org' | |
| * - WordPress < 6.9: 'http://profiles.wordpress.org' | |
| */ | |
| echo esc_url( 'http://profiles.wordpress.org' ); | |
| /* | |
| * Example 3: 'https' protocol included in $url. | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'https://profiles.wordpress.org' | |
| * - WordPress < 6.9: 'https://profiles.wordpress.org' | |
| */ | |
| echo esc_url( 'https://profiles.wordpress.org' ); | |
| /* | |
| * Example 4: no protocol with $protocols and 'http' first. | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'http://profiles.wordpress.org' | |
| * - WordPress < 6.9: 'http://profiles.wordpress.org' | |
| */ | |
| echo esc_url( 'profiles.wordpress.org', array( 'http', 'https' ) ); | |
| /* | |
| * Example 5: no protocol in $url with $protocols and no 'http' | |
| * | |
| * Output: | |
| * - WordPress >= 6.9: 'https://profiles.wordpress.org' | |
| * - WordPress < 6.9: '' | |
| * | |
| * Note: if 'http' is not included in the $protocols array, the fully escaped URL will not pass | |
| * the final check that a valid, allowed protocol is included. | |
| */ | |
| echo esc_url( 'profiles.wordpress.org', array( 'https' ) ); | |
| /* | |
| * Example 6: protocol within $url missing within $protocols. | |
| * | |
| * Output for all: | |
| * - WordPress >= 6.9: '' | |
| * - WordPress < 6.9: '' | |
| * | |
| * Note: if 'http' is not included in the $protocols array, the fully escaped URL will not pass | |
| * the final check that a valid, allowed protocol is included. | |
| */ | |
| echo esc_url( 'https://profiles.wordpress.org', array( 'http' ) ); | |
| echo esc_url( 'http://profiles.wordpress.org', array( 'https' ) ); | |
| echo esc_url( 'mailto:[email protected]', array( 'https', 'http' ) ); |
Author
Updated!
I split this and moved it to the Google doc. I'm hoping there's a better way to introduce the additional examples than "Additional examples of output include:"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The recommended approach defaults to 'https'
By adding "Recommended approach for defaulting to 'https' while maintaining backwards compatibility." at the top, I do not think the Note is necessary for that example.