well esc_html_ will do just that, escape all the HTML tags.
echo "<p>" . str_replace('.', '.<br />', esc_html__( 'We have just sent you an email with instructions to reset your password. If you do not receive a reset email or password email please look in your spam folder.', 'socialize' )) . "</p>";
that will wrap your message in a paragraph tag and replace each period with a period + break tag.
MK
(@mkarimzada)
I would use sprintf() instead. See example below:
echo sprintf( '<p>%1$s<br>%2$s</p>',
esc_html( 'We have just sent you an email with instructions to reset your password.', 'socialize' ),
esc_html( 'If you do not receive a reset email or password email please look in your spam folder.', 'socialize' )
);
@mkarimzada out of curiosity, why sprintf over a simple str_replace?
<?php
/* quick un WP way of doing esc_html() */
function esc_html( $text ) {
$safe_text = htmlspecialchars( $text, ENT_QUOTES );
return $text;
}
$mtime = microtime(true);
for ($i = 0; $i < 1000000; $i++) {
$message = "<p>" . str_replace('.', '.<br />', esc_html('We have just sent you an email with instructions to reset your password. If you do not receive a reset email or password email please look in your spam folder.', 'socialize' )) . "</p>";
}
$ctime = microtime(true);
echo 'str_replace: '. ($ctime-$mtime);
echo '<br>';
$mtime = microtime(true);
for ($i = 0; $i < 1000000; $i++) {
$message = sprintf( '<p>%1$s<br>%2$s</p>',
esc_html( 'We have just sent you an email with instructions to reset your password.', 'socialize' ),
esc_html( 'If you do not receive a reset email or password email please look in your spam folder.', 'socialize' )
);
}
$ctime = microtime(true);
echo 'sprintf: '. ($ctime-$mtime);
?>
if it’s performance, strreplace is faster.
if it’s readability, maybe as the string is so simple but really just a matter of preference(?)
MK
(@mkarimzada)
@tugbucket I 100% agree with you, str_replace is much faster than sprintf performance wise but it improves readability and argument swapping is a lot easier specially when you are working with translations and RTL languages.
For example, let’s add a link inside paragraph:
echo sprintf( '<p>%1$s<br>%2$s <a href="%3$s" title="%5$s">%4$s</a></p>',
esc_html( 'We have just sent you an email with instructions to reset your password.', 'socialize' ),
esc_html( 'If you do not receive a reset email or password', 'socialize' ),
esc_url( 'https://resetyourspasswordlink.com' ),
esc_html( 'click here', 'socialize' ),
esc_attr( 'Title for linked page' )
);
I think this looks much readable than concatenating a bunch strings. Obviously it’s just a matter of preference. One last note, that <br> tags will show up in theme/plugin .po files, if you use str_replace.
As the OP echos the escaped text it would be appropriate to use printf
rather than sprintf
.
I used to prefer that but now I prefer mixing php tags ( I think mainly is is more readable and also IDE’s do a better job of checking markup )
<?php
/* stuff */
?>
<p>
<?php esc_html_e('Some Text.', 'socialize' ); ?>
<br>
<?php esc_html_e('Next line.', 'socialize' ); ?>
</p>
<?php
/* more stuff */
-
This reply was modified 2 years, 7 months ago by
Alan Fuller.