sanitize_html_class( string $class, string $fallback = '' )

Sanitizes an HTML classname to ensure it only contains valid characters.

Contents

Description Description

Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.

Parameters Parameters

$class

(string) (Required) The classname to be sanitized

$fallback

(string) (Optional) The value to return if the sanitization ends up as an empty string. Defaults to an empty string.

Default value: ''

Top ↑

Return Return

(string) The sanitized value

Top ↑

Source Source

File: wp-includes/formatting.php 

function sanitize_html_class( $class, $fallback = '' ) {
	//Strip out any % encoded octets
	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );

	//Limit to A-Z,a-z,0-9,_,-
	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

	if ( '' == $sanitized && $fallback ) {
		return sanitize_html_class( $fallback );
	}
	/**
	 * Filters a sanitized HTML class string.
	 *
	 * @since 2.8.0
	 *
	 * @param string $sanitized The sanitized HTML class.
	 * @param string $class     HTML class before sanitization.
	 * @param string $fallback  The fallback string.
	 */
	return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

Top ↑

Used By Used By

Used By
Used By Description
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_title()

Handles the title column output.
wp-includes/link-template.php: _navigation_markup()

Wraps passed links in navigational markup.
wp-login.php: login_header()

Output the login page header.
wp-admin/includes/class-wp-screen.php: WP_Screen::add_help_tab()

Add a help tab to the contextual help for the screen.
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/template.php: iframe_header()

Generic Iframe header for use with Thickbox
wp-admin/includes/media.php: attachment_submitbox_metadata()

Displays non-editable attachment metadata in the publish meta box.
wp-admin/menu-header.php: _wp_menu_output()

Display menu.
wp-includes/formatting.php: sanitize_html_class()

Sanitizes an HTML classname to ensure it only contains valid characters.
wp-includes/post-template.php: get_post_class()

Retrieves the classes for the post div as an array.
wp-includes/post-template.php: get_body_class()

Retrieve the classes for the body element as an array.
wp-includes/media.php: gallery_shortcode()

Builds the Gallery shortcode output.
wp-includes/media.php: img_caption_shortcode()

Builds the Caption shortcode output.
wp-includes/comment-template.php: get_comment_class()

Returns the classes for the comment div as an array.
wp-includes/class-wp-editor.php: _WP_Editors::editor_settings()
Show 10 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

  2. Skip to note content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by lieutenantdan

    Created this function to help escape multiple HTML classes, you can give it an array of classes or a string of them separated by a delimiter:

    if( ! function_exists("sanitize_html_classes") ){
    function sanitize_html_classes($classes, $sep = " "){
        $return = "";

        if(!is_array($classes)) {
            $classes = explode($sep, $classes);
        }

        if(!empty($classes)){
            foreach($classes as $class){
                $return .= sanitize_html_class($class) . " ";
            }
        }

        return $return;
    }
}

    Expand full source codeCollapse full source code

You must log in before being able to contribute a note or feedback.