When writing theme and plugin code, it is important to output data safely to prevent security vulnerabilities such as cross-site scripting (XSS).
Escaping is the process of securing output data by encoding it so that any potentially dangerous characters are transformed into safe, displayable entities.
Escaping prevents attackers from injecting harmful code into your website. WordPress provides a variety of escaping functions to escape data for different contexts.
1. esc_html()
This function converts special characters into their HTML entity equivalents, ensuring that any HTML tags in the output are displayed as plain text rather than being rendered as HTML.
esc_html() should be used when you need to output text within HTML content.
<span><?php echo esc_html( $description ); ?></span>
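The difference between raw and escaped output for the same `<span>` template, shown as an added example that is not part of the original article or of WordPress core. The sample descriptions and the `render_raw()` / `render_escaped()` helpers are constructed for illustration, and the fallback `esc_html()` is a simplified stand-in so the file also runs outside WordPress.

```php
<?php
// Inside WordPress esc_html() already exists. This simplified stand-in
// (an assumption built on PHP's htmlspecialchars()) only lets the file run alone.
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
	}
}

// Constructed sample values, as they might arrive from a form field or the database.
$descriptions = array(
	'A plain text description',
	'Backups & restores in < 5 minutes',
	'<b>bold</b> and <script>alert(1)</script>',
);

// Before: raw output. Any markup inside $description becomes part of the page.
function render_raw( array $descriptions ) {
	$html = '';
	foreach ( $descriptions as $description ) {
		$html .= '<span>' . $description . '</span>' . "\n";
	}
	return $html;
}

// After: escape at the point of output; only the template's own <span> is markup.
function render_escaped( array $descriptions ) {
	$html = '';
	foreach ( $descriptions as $description ) {
		$html .= '<span>' . esc_html( $description ) . '</span>' . "\n";
	}
	return $html;
}

echo "--- raw ---\n" . render_raw( $descriptions );
echo "--- escaped ---\n" . render_escaped( $descriptions );

// Check: stripping every tag except <span> must leave the escaped output unchanged,
// which means no tag from the data survived as markup.
$escaped = render_escaped( $descriptions );
var_dump( strip_tags( $escaped, '<span>' ) === $escaped );
```

Run it with `php` on the command line and compare the two sections: in the escaped section the `<b>` and `<script>` tags appear as entities and would be displayed as text by a browser.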