sanitize_html_class( string $class, string $fallback = '' )
Sanitizes an HTML classname to ensure it only contains valid characters.
Description Description
Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.
Parameters Parameters
- $class
-
(string) (Required) The classname to be sanitized
- $fallback
-
(string) (Optional) The value to return if the sanitization ends up as an empty string. Defaults to an empty string.
Default value: ''
Return Return
(string) The sanitized value
Source Source
File: wp-includes/formatting.php
function sanitize_html_class( $class, $fallback = '' ) {
//Strip out any % encoded octets
$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
//Limit to A-Z,a-z,0-9,_,-
$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
if ( '' == $sanitized && $fallback ) {
return sanitize_html_class( $fallback );
}
/**
* Filters a sanitized HTML class string.
*
* @since 2.8.0
*
* @param string $sanitized The sanitized HTML class.
* @param string $class HTML class before sanitization.
* @param string $fallback The fallback string.
*/
return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
}
Expand full source code Collapse full source code View on Trac
Changelog Changelog
| Version | Description |
|---|---|
| 2.8.0 | Introduced. |
User Contributed Notes User Contributed Notes
You must log in before being able to contribute a note or feedback.
Basic Example
Created this function to help escape multiple HTML classes, you can give it an array of classes or a string of them separated by a delimiter:
if( ! function_exists("sanitize_html_classes") ){ function sanitize_html_classes($classes, $sep = " "){ $return = ""; if(!is_array($classes)) { $classes = explode($sep, $classes); } if(!empty($classes)){ foreach($classes as $class){ $return .= sanitize_html_class($class) . " "; } } return $return; } }Expand full source codeCollapse full source code