根据developers handbook, 以下是输出任何内容时应使用的功能：

esc_attr() // Use on everything else that’s printed into an HTML element’s attribute.
esc_html() // Use anytime an HTML element encloses a section of data being displayed.
esc_js() // Use for inline Javascript.
esc_textarea() // Use this to encode text for use inside a textarea element.
esc_url() // Use on all URLs, including those in the src and href attributes of an HTML element.
esc_url_raw() // Use when storing a URL in the database or in other cases where non-encoded URLs are needed.
wp_kses() // Use for all non-trusted HTML (post text, comment text, etc.)
wp_kses_post() // Alternative version of wp_kses() that automatically allows all HTML that is permitted in post content.
wp_kses_data() // Alternative version of wp_kses() that allows only the HTML permitted in post comments.

因此，在您的情况下：

<label for="<?php echo esc_attr( $this->plugin_name . \'-\' . $switch[\'id\'] ); ?>">

正如所指出的@jacob-peattie 在第二个示例中，转义是不必要的，因为没有呈现动态内容。但如果拒绝消息明确指出这是需要转义的，那么这就是解决方法：

 echo "<style>" . esc_html( "img[ci-src] {opacity: 0;} img.ci-image-loaded {opacity: 1;}" ) . "</style>";

编辑：起初我混淆了esc\\u html和esc\\u attr，现在它是正确的。