http://core.trac.wordpress.org/browser/trunk/wp-includes/formatting.php#L2239
I’m confused about when either of them should be used.
Assuming I have this URL: `http://site.com/?getsomejavascript=1`, which is dynamically generated javascript:

- if I include the script with `esc_url(add_query_arg('apples', 420))`, I get `http://site.com/?getsomejavascript=1&#038;apples=420` and it breaks because of those `#038;` references
- if I use `esc_url_raw(add_query_arg('apples', 420))` I get the correct URL: `http://site.com/?getsomejavascript=1&apples=420`

but in the documentation I find out that esc_url_raw should only be used to escape URLs inserted in the database…
From the Codex entry for Data Validation: URLs:
So, the primary differences appear to be:

- `esc_url()` encodes HTML entities, while `esc_url_raw()` does not
- `esc_url()` is intended for output, while `esc_url_raw()` is intended for database storage

EDIT:

Since you are either hard-coding (or saving/storing separately) the actual URL from the query string, and then appending the query string via `add_query_arg()`, might it be better to escape your appended query string via `esc_js()`, rather than `esc_url()`?

For example:
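Why the entity-encoded URL only works inside HTML, as an added example that is not part of the original question or answer and is not WordPress code. It uses Python's standard library to model an HTML parser and an HTTP client; the two URL strings are taken from the question as constructed inputs, and `url_seen_from_html` and `describe` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Strings as reported in the question; WordPress itself is not called here.
DISPLAY_URL = "http://site.com/?getsomejavascript=1&#038;apples=420"  # esc_url() output
RAW_URL = "http://site.com/?getsomejavascript=1&apples=420"  # esc_url_raw() output


class SrcCollector(HTMLParser):
    """Collects src attribute values after the HTML parser has decoded them."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "src":
                self.sources.append(value)


def url_seen_from_html(escaped_url):
    """Put the URL in a script tag's src attribute and return what the parser decodes."""
    collector = SrcCollector()
    collector.feed('<script src="%s"></script>' % escaped_url)
    collector.close()
    return collector.sources[0]


def describe(url):
    """Split a URL the way an HTTP client would, with no HTML entity decoding."""
    parts = urlsplit(url)
    return {"query": parse_qs(parts.query), "fragment": parts.fragment}


if __name__ == "__main__":
    # Inside an HTML attribute the entity is decoded back to a plain ampersand.
    print(describe(url_seen_from_html(DISPLAY_URL)))
    # Used outside HTML, "#" starts the fragment and the apples parameter is lost.
    print(describe(DISPLAY_URL))
    print(describe(RAW_URL))
```

The entity form is only correct where an HTML parser will decode it; anywhere the string is consumed as a URL directly, the `#` in `&#038;` is read as the start of the fragment.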