escaping – How to safely escape data that contains HTML attributes
Question
wp_kses
You could use wp_kses
to define specific html-tag/attribute combinations to be permitted in the escaped output.
$allowed_html = [
'div' => [
'class' => [],
],
];
echo wp_kses( '<div class="whatever">hey</div>', $allowed_html );
wp_kses_post
You could use wp_kses_post
. It’s a pretty heavy function to use for such a purpose, but it is a valid way to escape your output.
<div <?php echo wp_kses_post('class="whatever"'); ?> >hey</div>
0
2 months
2022-06-11T15:34:55-05:00
2022-06-11T15:34:55-05:00 0 Answers
0 views
0
Leave an answer