Which escape function to use when escaping an email or plain text?

I have submitted a plugin to the WordPress repo, and they have come back and said I need to escape the values in my email sending code, NOT sanitize. So I'm confused about what function they want me to use. Can you provide advice on the best escape function I should use for an email and plain text?

Existing code they want me to escape and not sanitize:

$message = "
...
    <li><strong>Email:</strong> " . sanitize_email($_REQUEST['email']) . "</li>
    <li><strong>Name:</strong> " . sanitize_text_field($_REQUEST['name']) . "</li>
...
";

$emailResult =  wp_mail("[email protected]", "Support Request", $message, array('Content-Type: text/html; charset=UTF-8') );

There's no esc_email() or esc_text() function. So is the below correct to escape an email and plain text?

<li><strong>Email:</strong> " . esc_html($_REQUEST['email']) . "</li>
<li><strong>Name:</strong> " . esc_textarea($_REQUEST['name']) . "</li>



Yep, you can escape it as normal HTML, like so:
<?php echo esc_html( $email ); ?>

For the mailto link, you can use esc_url. Just make sure you include mailto: in the URL, e.g.:
<a href="<?php echo esc_url( 'mailto:' . $email ); ?>">

So a fully escaped mail link would look like this:
<a href="<?php echo esc_url( 'mailto:' . $email ); ?>"><?php echo esc_html( $email ); ?></a>
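
Applied to the HTML email body from the question, as an added example that is not part of the original answer or the plugin's code: the request values are unslashed, sanitized and validated on input, then escaped with esc_html() and esc_url() at the point they enter the markup. The function name myplugin_send_support_request and the use of the site's admin_email option as the recipient are assumptions made for illustration.

```php
<?php
// Added example. The function name and the admin_email recipient are
// hypothetical; the WordPress functions called are core functions.
function myplugin_send_support_request() {
    // WordPress adds slashes to request data, so unslash before sanitizing.
    $email = isset( $_REQUEST['email'] )
        ? sanitize_email( wp_unslash( $_REQUEST['email'] ) )
        : '';
    $name = isset( $_REQUEST['name'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['name'] ) )
        : '';

    // Validate on input: do not send when the address is not well formed.
    if ( ! is_email( $email ) ) {
        return false;
    }

    // Escape late: each value is escaped for the HTML context it lands in.
    // esc_url() for the href attribute, esc_html() for element text.
    $message  = '<ul>';
    $message .= '<li><strong>Email:</strong> <a href="'
        . esc_url( 'mailto:' . $email ) . '">'
        . esc_html( $email ) . '</a></li>';
    $message .= '<li><strong>Name:</strong> ' . esc_html( $name ) . '</li>';
    $message .= '</ul>';

    // wp_mail() returns true when the message was handed off for delivery.
    return wp_mail(
        get_option( 'admin_email' ),
        'Support Request',
        $message,
        array( 'Content-Type: text/html; charset=UTF-8' )
    );
}
```

Sanitizing cleans the input as it arrives, while escaping makes the value safe for the place it is output, which is why the HTML body needs the esc_* calls even when the values were already sanitized.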
