escaping – How to safely escape data that contains HTML attributes

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

Question

You could use wp_kses to define specific html-tag/attribute combinations to be permitted in the escaped output.

$allowed_html = [
  'div' => [
    'class' => [],
  ],
];

echo wp_kses( '<div class="whatever">hey</div>', $allowed_html );

You could use wp_kses_post. It’s a pretty heavy function to use for such a purpose, but it is a valid way to escape your output.

<div <?php echo wp_kses_post('class="whatever"'); ?> >hey</div>

Alvaro Franz 2 months 2022-06-11T15:34:55-05:00 2022-06-11T15:34:55-05:00 0 Answers 0 views 0

Register Now