W3cubDocs

/WordPress

sanitize_html_class( string $classname, string $fallback = ” ): string

Sanitizes an HTML classname to ensure it only contains valid characters.

Description

Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.

Parameters

$classnamestringrequired: The classname to be sanitized.
$fallbackstringoptional: The value to return if the sanitization ends up as an empty string.

Default:''

Return

string The sanitized value.

Source

function sanitize_html_class( $classname, $fallback = '' ) {
	// Strip out any percent-encoded characters.
	$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $classname );

	// Limit to A-Z, a-z, 0-9, '_', '-'.
	$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

	if ( '' === $sanitized && $fallback ) {
		return sanitize_html_class( $fallback );
	}
	/**
	 * Filters a sanitized HTML class string.
	 *
	 * @since 2.8.0
	 *
	 * @param string $sanitized The sanitized HTML class.
	 * @param string $classname HTML class before sanitization.
	 * @param string $fallback  The fallback string.
	 */
	return apply_filters( 'sanitize_html_class', $sanitized, $classname, $fallback );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘sanitize_html_class’, string $sanitized, string $classname, string $fallback ): Filters a sanitized HTML class string.

Changelog

Version	Description
2.8.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_html_class