sanitize_html_class( string $class, string $fallback = '' )

Sanitizes an HTML classname to ensure it only contains valid characters.

Contents

Description Description

Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.

Top ↑

Parameters Parameters

$class

(string) (Required) The classname to be sanitized

$fallback

(string) (Optional) The value to return if the sanitization ends up as an empty string. Defaults to an empty string.

Default value: ''

Top ↑

Return Return

(string) The sanitized value

Top ↑

Source Source

File: wp-includes/formatting.php 

function sanitize_html_class( $class, $fallback = '' ) {
	// Strip out any %-encoded octets.
	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );

	// Limit to A-Z, a-z, 0-9, '_', '-'.
	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

	if ( '' === $sanitized && $fallback ) {
		return sanitize_html_class( $fallback );
	}
	/**
	 * Filters a sanitized HTML class string.
	 *
	 * @since 2.8.0
	 *
	 * @param string $sanitized The sanitized HTML class.
	 * @param string $class     HTML class before sanitization.
	 * @param string $fallback  The fallback string.
	 */
	return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
}

Expand full source code Collapse full source code View on Trac

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/formatting.php: sanitize_html_class()

Sanitizes an HTML classname to ensure it only contains valid characters.
wp-includes/formatting.php: sanitize_html_class

Filters a sanitized HTML class string.
wp-includes/plugin.php: apply_filters()

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By Used By

Used By
Used By Description
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_title()

Handles the title column output.
wp-includes/link-template.php: _navigation_markup()

Wraps passed links in navigational markup.
wp-login.php: login_header()

Output the login page header.
wp-admin/includes/class-wp-screen.php: WP_Screen::add_help_tab()

Add a help tab to the contextual help for the screen.
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/template.php: iframe_header()

Generic Iframe header for use with Thickbox
wp-admin/includes/media.php: attachment_submitbox_metadata()

Displays non-editable attachment metadata in the publish meta box.
wp-admin/menu-header.php: _wp_menu_output()

Display menu.
wp-includes/formatting.php: sanitize_html_class()

Sanitizes an HTML classname to ensure it only contains valid characters.
wp-includes/post-template.php: get_post_class()

Retrieves an array of the class names for the post container element.
wp-includes/post-template.php: get_body_class()

Retrieves an array of the class names for the body element.
wp-includes/media.php: gallery_shortcode()

Builds the Gallery shortcode output.
wp-includes/media.php: img_caption_shortcode()

Builds the Caption shortcode output.
wp-includes/comment-template.php: get_comment_class()

Returns the classes for the comment div as an array.
wp-includes/class-wp-editor.php: _WP_Editors::editor_settings()
Show 10 more used by Hide more used by

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 3You must log in to vote on the helpfulness of this note
    Contributed by lieutenantdan

    Created this function to help escape multiple HTML classes, you can give it an array of classes or a string of them separated by a delimiter:

    if( ! function_exists("sanitize_html_classes") ){
    function sanitize_html_classes($classes, $sep = " "){
        $return = "";

        if(!is_array($classes)) {
            $classes = explode($sep, $classes);
        }

        if(!empty($classes)){
            foreach($classes as $class){
                $return .= sanitize_html_class($class) . " ";
            }
        }

        return $return;
    }
}

    Expand full source codeCollapse full source code

  4. Skip to note 4 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Mahdi Yazdani

    Sanitize multiple HTML classes in one pass.

    Accepts either an array of $classes, or a space-separated string of class names and runs them to sanitize using the sanitize_html_class function.

    /**
 * Sanitize multiple HTML classes in one pass.
 *
 * @param    array  $classes           Classes to be sanitized.
 * @param    string $return_format     The return format, 'input', 'string', or 'array'.
 * @return   array|string
 */
function prefix_sanitize_html_classes( $classes, $return_format = 'input' ) {
	if ( 'input' === $return_format ) {
		$return_format = is_array( $classes ) ? 'array' : 'string';
	}

	$classes           = is_array( $classes ) ? $classes : explode( ' ', $classes );
	$sanitized_classes = array_map( 'sanitize_html_class', $classes );

	if ( 'array' === $return_format ) {
		return $sanitized_classes;
	} else {
		return implode( ' ', $sanitized_classes );
	}
}

    Expand full source codeCollapse full source code

You must log in before being able to contribute a note or feedback.