## escaping – How to safely escape data that contains HTML attributes

Question

### wp_kses

You could use wp_kses to define specific html-tag/attribute combinations to be permitted in the escaped output.

$allowed_html = [ 'div' => [ 'class' => [], ], ]; echo wp_kses( '<div class="whatever">hey</div>',$allowed_html );


### wp_kses_post

You could use wp_kses_post. It’s a pretty heavy function to use for such a purpose, but it is a valid way to escape your output.

<div <?php echo wp_kses_post('class="whatever"'); ?> >hey</div>


0
2 months 2022-06-11T15:34:55-05:00 0 Answers 0 views 0