sanitize_html_class( string $class, string $fallback = '' )

Sanitizes an HTML classname to ensure it only contains valid characters.


Description Description

Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.


Parameters Parameters

$class

(string) (Required) The classname to be sanitized

$fallback

(string) (Optional) The value to return if the sanitization ends up as an empty string. Defaults to an empty string.

Default value: ''


Top ↑

Return Return

(string) The sanitized value


Top ↑

Source Source

File: wp-includes/formatting.php

function sanitize_html_class( $class, $fallback = '' ) {
	//Strip out any % encoded octets
	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );

	//Limit to A-Z,a-z,0-9,_,-
	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

	if ( '' == $sanitized && $fallback ) {
		return sanitize_html_class( $fallback );
	}
	/**
	 * Filters a sanitized HTML class string.
	 *
	 * @since 2.8.0
	 *
	 * @param string $sanitized The sanitized HTML class.
	 * @param string $class     HTML class before sanitization.
	 * @param string $fallback  The fallback string.
	 */
	return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
}

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 2 content
    Contributed by lieutenantdan

    Created this function to help escape multiple HTML classes, you can give it an array of classes or a string of them separated by a delimiter:

    if( ! function_exists("sanitize_html_classes") ){
        function sanitize_html_classes($classes, $sep = " "){
            $return = "";
    
            if(!is_array($classes)) {
                $classes = explode($sep, $classes);
            }
    
            if(!empty($classes)){
                foreach($classes as $class){
                    $return .= sanitize_html_class($class) . " ";
                }
            }
    
            return $return;
        }
    }
    

You must log in before being able to contribute a note or feedback.