In WordPress, the esc_html()
function is used to escape HTML entities in a string, which helps to prevent cross-site scripting (XSS) attacks. By default, this function will convert all HTML tags to their corresponding entities, including the <h1>
tag.
However, if you want to allow the <h1>
tag in esc_html()
, you can use the wp_kses()
function instead.
Here’s an example:
$allowed_tags = array(
'h1' => array(),
);
echo wp_kses( "<h1>$my_awesome_heaser_value</h1>", $allowed_tags );
// Or, if you want to allow classes as well...
$string = '<h1 class="my-class">Hello, world!</h1>'; // Replace with your string
$allowed_tags['h1']['class'] = true;
echo wp_kses($string, $allowed_tags);
In this example, we use the $string
variable to store the string that we want to escape. We then define an array called $allowed_tags
that specifies which HTML tags should be allowed in the string. In this case, we only allow the <h1>
tag.
We then use the wp_kses()
function to escape the string using the allowed tags. This function will remove any HTML tags that are not allowed in the $allowed_tags
array.
Finally, we use the echo
statement to output the escaped string. This will output the <h1>
tag with its original formatting and styling.
Keep in mind that allowing HTML tags in esc_html()
can increase the risk of XSS attacks, so you should only do this if you trust the source of the string and the content within it.