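assertEquals( $html, esc_html( $html ) );

		// URL with &: a bare ampersand in a query string must come back as &amp;.
		// NOTE(review): the page showed $escaped identical to $html. The entity
		// appears to have been decoded when the page was extracted, so it is
		// restored here. Confirm against the upstream test file.
		$html    = 'http://localhost/trunk/wp-login.php?action=logout&_wpnonce=cd57d75985';
		$escaped = 'http://localhost/trunk/wp-login.php?action=logout&amp;_wpnonce=cd57d75985';
		$this->assertEquals( $escaped, esc_html( $html ) );

		// SQL query: esc_html() encodes single quotes as &#039;, so every quoted
		// identifier in the statement must come back entity-encoded.
		// NOTE(review): the page showed raw single quotes inside a single-quoted
		// literal, which does not parse. The entities are restored here.
		$html    = "SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN ('site_name', 'siteurl', 'active_sitewide_plugins', '_site_transient_timeout_theme_roots', '_site_transient_theme_roots', 'site_admins', 'can_compress_scripts', 'global_terms_enabled') AND site_id = 1";
		$escaped = 'SELECT meta_key, meta_value FROM wp_trunk_sitemeta WHERE meta_key IN (&#039;site_name&#039;, &#039;siteurl&#039;, &#039;active_sitewide_plugins&#039;, &#039;_site_transient_timeout_theme_roots&#039;, &#039;_site_transient_theme_roots&#039;, &#039;site_admins&#039;, &#039;can_compress_scripts&#039;, &#039;global_terms_enabled&#039;) AND site_id = 1';
		$this->assertEquals( $escaped, esc_html( $html ) );
	}

	/**
	 * Bare ampersands are encoded as &amp;, whether surrounded by spaces or
	 * embedded in a word ("at&t").
	 *
	 * The expected string on the page was identical to the input, which would
	 * only pass if esc_html() did nothing. The entities are restored here.
	 */
	function test_escapes_ampersands() {
		$source = 'penn & teller & at&t';
		$res    = 'penn &amp; teller &amp; at&amp;t';
		$this->assertEquals( $res, esc_html( $source ) );
	}

	/**
	 * Angle brackets are encoded, both as stray comparison characters and as
	 * the delimiters of an element, so the markup is shown as text instead of
	 * being parsed by the browser.
	 *
	 * The element in $source is restored from $res, which still showed it on
	 * the page. The tag itself appears to have been stripped from the input
	 * literal during extraction.
	 */
	function test_escapes_greater_and_less_than() {
		$source = 'this > that < that <randomhtml />';
		$res    = 'this &gt; that &lt; that &lt;randomhtml /&gt;';
		$this->assertEquals( $res, esc_html( $source ) );
	}

	/**
	 * Input that already contains entities must not be encoded a second time.
	 *
	 * NOTE(review): both literals below are kept exactly as the page shows
	 * them. They contain only literal characters and are identical, so the
	 * entity forms the test name refers to were presumably decoded during
	 * extraction. As written this does not exercise double-encoding, and a
	 * literal "&" or '"' would itself be encoded. Restore both strings from the
	 * upstream test file before relying on this test.
	 */
	function test_ignores_existing_entities() {
		$source = '& £ " &';
		$res    = '& £ " &';
		$this->assertEquals( $res, esc_html( $source ) );
	}
}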