Tutorial by Examples

esc_html should be used anytime we're outputting data inside HTML code. <h4><?php echo esc_html( $title ); ?></h4>

<a href="<?php echo esc_url( home_url( '/' ) ); ?>">Home</a> <img src="<?php echo esc_url( $user_picture_url ); ?>" />

esc_js() is intended to be used for inline JS, inside a tag attribute. For data inside a <script> tag use wp_json_encode(). <input type="text" onfocus="if( this.value == '<?php echo esc_js( $fields['input_text'] ); ?>' ) { this.value = ''; }" name="name&quot...

<input type="text" value="<?php echo esc_attr($_POST['username']); ?>" />

<textarea><?php echo esc_textarea( $text ); ?></textarea>