Allow HTML Tags while using an escaping function in WordPress


In WordPress, the esc_html() function escapes a string for output in an HTML context, which helps to prevent cross-site scripting (XSS) attacks. It converts the characters that make up HTML markup (such as < and >) to their corresponding entities, so every tag in the string, including the <h1> tag, is displayed as text instead of being rendered.

However, if you want the <h1> tag to be rendered, you can use the wp_kses() function instead of esc_html().

Here’s an example:

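$my_awesome_header_value = 'Hello, world!'; // Replace with your value

// Only the <h1> tag is allowed, with no attributes.
$allowed_tags = array(
	'h1' => array(),
);
echo wp_kses( "<h1>$my_awesome_header_value</h1>", $allowed_tags );

// Or, if you want to allow classes as well...

$string = '<h1 class="my-class">Hello, world!</h1>'; // Replace with your string
$allowed_tags['h1']['class'] = true; // Keep the class attribute on <h1>
echo wp_kses( $string, $allowed_tags );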

In this example, we use the $string variable to store the string that we want to output. We define an array called $allowed_tags that specifies which HTML tags should be allowed in the string. In this case, we only allow the <h1> tag.

We then use the wp_kses() function to filter the string against the allowed tags. This function removes any HTML tags and attributes that are not listed in the $allowed_tags array.

Finally, we use the echo statement to output the filtered string. This outputs the <h1> tag intact, so the browser renders it as a heading with its usual formatting and styling.

Keep in mind that allowing HTML tags through, instead of escaping everything with esc_html(), can increase the risk of XSS attacks, so you should only do this if you trust the source of the string and the content within it.
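
The following is an added example, not code from the original post: it runs the h1-only allowlist from above over a few constructed inputs and prints the esc_html() result beside the wp_kses() result. It assumes WordPress is loaded and the file is run from a terminal (for instance with WP-CLI's `wp eval-file`); the helper names, the file name and the sample strings are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded and the file is run from a
// terminal, e.g. `wp eval-file kses-demo.php` (file name is hypothetical).
// Output is plain text for a terminal, not a web page.

// Allowlist from the article: only <h1>, and only its class attribute.
$allowed_tags = array(
	'h1' => array(
		'class' => true,
	),
);

// Hypothetical helper: filter untrusted heading markup against the allowlist.
function example_filter_heading( $raw_html, $allowed_tags ) {
	return wp_kses( $raw_html, $allowed_tags );
}

// Hypothetical helper: fixed markup, dynamic text. The tag is written by
// the template, so the value can be fully escaped and needs no allowlist.
function example_heading_from_text( $text, $class = 'my-class' ) {
	return '<h1 class="' . esc_attr( $class ) . '">' . esc_html( $text ) . '</h1>';
}

// Constructed sample inputs.
$samples = array(
	'allowed tag and attribute' => '<h1 class="my-class">Hello, world!</h1>',
	'attribute not in the list' => '<h1 class="my-class" onclick="alert(1)">Hello</h1>',
	'tag not in the list'       => '<h1>Hello <script>alert(1)</script></h1>',
	'wrong heading level'       => '<h2 class="my-class">Hello</h2>',
);

foreach ( $samples as $label => $raw ) {
	echo "== {$label}" . PHP_EOL;
	echo 'input:    ' . $raw . PHP_EOL;
	echo 'esc_html: ' . esc_html( $raw ) . PHP_EOL;
	echo 'wp_kses:  ' . example_filter_heading( $raw, $allowed_tags ) . PHP_EOL;
}

// When only the text is dynamic, escape the value and keep the tag static.
echo example_heading_from_text( 'Tom & Jerry <b>live</b>' ) . PHP_EOL;
```

For the `<script>` sample, wp_kses() removes the tag itself while the text between the tags stays in the output as plain text. When the heading markup is fixed and only its text varies, the last helper avoids the allowlist entirely.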