How to correctly escape an echo

In WordPress they recommend that I should escape any part of the code of my plugin that shows data to the user. I have made most of the corrections, but in this specific case I don't know how to escape that echo. Please help.

<option value="">
    <?php _e( '- Default', MF_TEXT_DOMAIN ); ?>
</option>
<?php foreach ( $folders as $folder ) {
    $folder = trim( $folder );
    echo "<option value=\"{$folder}\">{$folder}</option>";
} ?>



Escaping is only necessary when you have no full control of the thing you are echoing. So as long as $folder is a variable that you have defined yourself, there's no real need to escape. But if there is user input involved, there is esc_html, to be used as follows:

echo esc_html ("this input string contains a > character");

In this case, however, more drastic measures may be needed, because there can be no html tags at all inside option tags, so you add wp_strip_all_tags like this:

$folder = wp_strip_all_tags ($folder);
echo esc_html ("<option value=\"{$folder}\">{$folder}</option>");

UPDATE (thanks to Kero in the comments for noticing the error)

$folder = esc_html (wp_strip_all_tags ($folder));
echo "<option value=\"{$folder}\">{$folder}</option>";
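
The loop from the question with each value escaped at the point of output for its own HTML context, `esc_attr()` for the `value` attribute and `esc_html()` for the option text. This is an added example, not code from the original answer or the plugin. The helper name `mf_render_folder_options`, the `MF_TEXT_DOMAIN` placeholder value, the sample folder names and the stand-in functions (simplified, so the file also runs outside WordPress) are assumptions.

```php
<?php
// Stand-ins so the file also runs outside WordPress (assumption: simplified;
// the real functions additionally validate UTF-8 and avoid double-encoding).
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
    function esc_html__( $text, $domain = 'default' ) {
        return esc_html( $text ); // no translation lookup in the stand-in
    }
}
if ( ! defined( 'MF_TEXT_DOMAIN' ) ) {
    define( 'MF_TEXT_DOMAIN', 'mf-example' ); // placeholder value
}

/**
 * Build the <option> list, escaping each value at the point of output
 * with the function that matches its HTML context.
 * (Hypothetical helper name, not from the plugin.)
 */
function mf_render_folder_options( array $folders ) {
    $html = sprintf(
        "<option value=\"\">%s</option>\n",
        esc_html__( '- Default', MF_TEXT_DOMAIN )
    );
    foreach ( $folders as $folder ) {
        $folder = trim( $folder );
        if ( '' === $folder ) {
            continue; // skip blank entries instead of emitting empty options
        }
        $html .= sprintf(
            "<option value=\"%s\">%s</option>\n",
            esc_attr( $folder ), // attribute context
            esc_html( $folder )  // element text context
        );
    }
    return $html;
}

// Constructed sample input: one ordinary name, two that would break the markup.
$folders = array( ' uploads/2024 ', 'docs" data-x="1', '<b>media</b> & more' );
echo mf_render_folder_options( $folders );
```

Unlike `wp_strip_all_tags()`, escaping keeps the folder name intact and displays any markup characters in it as literal text.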
