Using WordPress ‘esc_textarea()’ PHP function

The esc_textarea() WordPress PHP function escapes text for output inside a textarea element, so that user input is displayed as text rather than interpreted as markup.

Usage

echo '<textarea>' . esc_textarea( $text ) . '</textarea>'; // Escape $text at the point of output

Parameters

  • $text (string) – The input text that needs to be escaped for use in a textarea element.

More information

See WordPress Developer Resources: esc_textarea()

Examples

Escaping user input for a textarea

Safely display user input inside a textarea element

$user_input = "Hello <script>alert('XSS!');</script> world!";
echo '<textarea>' . esc_textarea( $user_input ) . '</textarea>'; // Safely display user input
// Output: <textarea>Hello &lt;script&gt;alert(&#039;XSS!&#039;);&lt;/script&gt; world!</textarea>

Escaping post content for a textarea

Safely display post content inside a textarea element

$post_content = get_the_content();
echo '<textarea>' . esc_textarea( $post_content ) . '</textarea>'; // Safely display post content

Escaping custom field value for a textarea

Safely display a custom field value inside a textarea element

$custom_field_value = get_post_meta( $post->ID, 'custom_field_key', true );
echo '<textarea>' . esc_textarea( $custom_field_value ) . '</textarea>'; // Safely display custom field value

Escaping option value for a textarea

Safely display an option value inside a textarea element

$option_value = get_option( 'my_option_name' );
echo '<textarea>' . esc_textarea( $option_value ) . '</textarea>'; // Safely display option value
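
The option example above as a full save-and-render round trip, added here as an illustration and not taken from the original page or from WordPress itself: the value is sanitized when stored and still escaped with esc_textarea() when rendered. The my_notes_* names, the admin-post.php handler, and the manage_options capability check are assumptions; 'my_option_name' is the page's own option key.

```php
<?php
// Added example (not from the original page). All my_notes_* identifiers are
// hypothetical; the code is meant to run inside a WordPress plugin.

// Render: escape at the point of output, with the escaper that matches the context.
function my_notes_render_form() {
    $value = (string) get_option( 'my_option_name', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="my_notes_save">
        <?php wp_nonce_field( 'my_notes_save', 'my_notes_nonce' ); ?>
        <textarea name="my_notes" rows="6" cols="60"><?php
            // Element body: esc_textarea(). Attribute values would use esc_attr().
            echo esc_textarea( $value );
        ?></textarea>
        <button type="submit">Save</button>
    </form>
    <?php
}

// Save: authorize, verify the nonce, unslash, sanitize, then store.
function my_notes_handle_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'my_notes_save', 'my_notes_nonce' );

    // WordPress adds slashes to request data; remove them before sanitizing.
    $raw = isset( $_POST['my_notes'] ) ? wp_unslash( $_POST['my_notes'] ) : '';

    // sanitize_textarea_field() strips tags but keeps line breaks. The stored
    // value is still escaped on output above, because the option can also be
    // written by code paths that did not sanitize it.
    update_option( 'my_option_name', sanitize_textarea_field( $raw ) );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
add_action( 'admin_post_my_notes_save', 'my_notes_handle_save' );
```

Sanitizing on save and escaping on output are separate controls: removing either one leaves the textarea dependent on every other writer of the option behaving correctly.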

Escaping widget text for a textarea

Safely display widget text inside a textarea element

$instance = array( 'text' => 'Sample text <strong>with HTML tags</strong>.' );
echo '<textarea>' . esc_textarea( $instance['text'] ) . '</textarea>'; // Safely display widget text
// Output: <textarea>Sample text &lt;strong&gt;with HTML tags&lt;/strong&gt;.</textarea>