There are few special template tags for common cases where safe output is needed. One such case involves outputing a post title to a title attribute using the_title_attribute() instead of the_title() to avoid a security vulnerability. Here’s an example of correct escaping for the title attribute of a post title link when using translatable text: