sanitize_html_class( string $classname, string $fallback = '' ): string

Sanitizes an HTML classname to ensure it only contains valid characters.

Contents

Description

Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.

Top ↑

Parameters

$classname string Required
The classname to be sanitized.
$fallback string Optional
The value to return if the sanitization ends up as an empty string.

Default: ''

Top ↑

Return

string The sanitized value.

Top ↑

Source

File: wp-includes/formatting.php. View all references 

function sanitize_html_class( $classname, $fallback = '' ) {
	// Strip out any percent-encoded characters.
	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $classname );

	// Limit to A-Z, a-z, 0-9, '_', '-'.
	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

	if ( '' === $sanitized && $fallback ) {
		return sanitize_html_class( $fallback );
	}
	/**
	 * Filters a sanitized HTML class string.
	 *
	 * @since 2.8.0
	 *
	 * @param string $sanitized The sanitized HTML class.
	 * @param string $classname HTML class before sanitization.
	 * @param string $fallback  The fallback string.
	 */
	return apply_filters( 'sanitize_html_class', $sanitized, $classname, $fallback );
}

View on Trac View on GitHub

Top ↑

Hooks

Top ↑

Top ↑

Uses

Uses
Uses Description
sanitize_html_class() wp-includes/formatting.php

Sanitizes an HTML classname to ensure it only contains valid characters.
apply_filters() wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By

Used By
Used By Description
WP_Theme_JSON::remove_insecure_settings() wp-includes/class-wp-theme-json.php

Processes a setting node and returns the same node without the insecure settings.
WP_Media_List_Table::column_title() wp-admin/includes/class-wp-media-list-table.php

Handles the title column output.
_navigation_markup() wp-includes/link-template.php

Wraps passed links in navigational markup.
login_header() wp-login.php

Output the login page header.
WP_Screen::add_help_tab() wp-admin/includes/class-wp-screen.php

Adds a help tab to the contextual help for the screen.
WP_Plugin_Install_List_Table::display_rows() wp-admin/includes/class-wp-plugin-install-list-table.php
iframe_header() wp-admin/includes/template.php

Generic Iframe header for use with Thickbox.
attachment_submitbox_metadata() wp-admin/includes/media.php

Displays non-editable attachment metadata in the publish meta box.
_wp_menu_output() wp-admin/menu-header.php

Display menu.
sanitize_html_class() wp-includes/formatting.php

Sanitizes an HTML classname to ensure it only contains valid characters.
get_post_class() wp-includes/post-template.php

Retrieves an array of the class names for the post container element.
get_body_class() wp-includes/post-template.php

Retrieves an array of the class names for the body element.
gallery_shortcode() wp-includes/media.php

Builds the Gallery shortcode output.
img_caption_shortcode() wp-includes/media.php

Builds the Caption shortcode output.
get_comment_class() wp-includes/comment-template.php

Returns the classes for the comment div as an array.
_WP_Editors::editor_settings() wp-includes/class-wp-editor.php
Show 11 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

User Contributed Notes

  2. Skip to note 2 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 4You must log in to vote on the helpfulness of this note
    Contributed by lieutenantdan

    Created this function to help escape multiple HTML classes, you can give it an array of classes or a string of them separated by a delimiter:

    if( ! function_exists("sanitize_html_classes") ){
    function sanitize_html_classes($classes, $sep = " "){
        $return = "";

        if(!is_array($classes)) {
            $classes = explode($sep, $classes);
        }

        if(!empty($classes)){
            foreach($classes as $class){
                $return .= sanitize_html_class($class) . " ";
            }
        }

        return $return;
    }
}
  4. Skip to note 4 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Mahdi Yazdani

    Sanitize multiple HTML classes in one pass.

    Accepts either an array of $classes, or a space-separated string of class names and runs them to sanitize using the sanitize_html_class function.

    /**
 * Sanitize multiple HTML classes in one pass.
 *
 * @param    array  $classes           Classes to be sanitized.
 * @param    string $return_format     The return format, 'input', 'string', or 'array'.
 * @return   array|string
 */
function prefix_sanitize_html_classes( $classes, $return_format = 'input' ) {
	if ( 'input' === $return_format ) {
		$return_format = is_array( $classes ) ? 'array' : 'string';
	}

	$classes           = is_array( $classes ) ? $classes : explode( ' ', $classes );
	$sanitized_classes = array_map( 'sanitize_html_class', $classes );

	if ( 'array' === $return_format ) {
		return $sanitized_classes;
	} else {
		return implode( ' ', $sanitized_classes );
	}
}

You must log in before being able to contribute a note or feedback.