Wordpress - Should I escape wordpress functions like the_title, the_excerpt, the_content

Escaping depends entirely on the context in which you are using the functions. What is safe for displaying inside <h1> tags, is not necessarily safe to display for the value attribute of an input field, and even that wouldn't necessarily be safe as a href attribute value....

In short - perform the sanitisation yourself as you output it. Though in the case of the_title () or get_the_title (), esc_html is not necessary, since WordPress applies the following functions:

  • convert_chars
  • wptexturize

Note: the_title prints the title - so esc_html ( the_title () ) won't work. Similarly, the_content prints the content (in any case, you'd expect the content to display HTML).

Yes and no - depends on whether you want html in those functions to be output or not. If you escape the_content(), for example, and it contains a <div> tag, that tag would actually be output to the page as &lt;div&gt; instead.

By the way, if you do escape the output of those functions, you'll want to use their "get_" equivalents (ex. get_the_content()) as those functions echo their output directly.