wp_kses
You could use wp_kses to define specific html-tag/attribute combinations to be permitted in the escaped output.
$allowed_html = [
'div' => [
'class' => [],
],
];
echo wp_kses( '<div class="whatever">hey</div>', $allowed_html );
wp_kses_post
You could use wp_kses_post. It’s a pretty heavy function to use for such a purpose, but it is a valid way to escape your output.
<div <?php echo wp_kses_post('class="whatever"'); ?> >hey</div>
Related Posts:
- What characters do I need to escape in XML documents?
- What characters must be escaped in HTML 5?
- How can I selectively escape percent (%) in Python strings?
- How do I escape a single quote in jQuery?
- Escape Character in SQL Server
- How to escape apostrophe (‘) in MySql?
- Should HTML output be passed through esc_html() AND wp_kses()?
- How to prevent escaping when saving HTML code in an option value?
- How to correctly escape query variables to be used in WP_Query
- esc_attr / esc_html / esc_url in echos
- When do I need to use esc_html()? [duplicate]
- what’s different between esc_attr, htmlspecialchars and htmlentities
- Allow all attributes in $allowedposttags tags
- When outputting a static string to the page, is it necessary to escape the output?
- How Flexible are the WordPress Coding Standards for PHPCS?
- why is esc_html() returning nothing given a string containing a high-bit character?
- How to properly escape a translated string?
- Translate a Constant while appeasing WordPress PHPCS
- Using esc_url() on a url more than once
- Do I need to escape get_theme_mod(‘url’) / (‘mail’) with esc_url?
- How to allow   with wp_kses()?
- Using esc_attr_e
- Why esc_html_() is not used on every text that has a translation (on Twenty Twenty One)?
- Escaping crashes my output
- How to safely escape the title attribute
- Can wp_strip_all_tags be used as a substitute for esc_url, esc_attr & esc_html?
- Echoing a URL to a link
- wp_kses_post escaping doesn’t appear to work as described?
- file_get_contents | escaping doesnt show the page
- Help about Escaping
- How to keep specific tag from an html string?
- Escaping Issues
- Escaping and Special Characters (e.g. &)
- Escaping get_option( ‘time_format’ ) is nesserary?
- How should esc_url be combined with trailingslashit?
- Correct way of using esc_attr() and esc_html()
- esc_html don’t work on variable but do work on pasted text
- How to Git stash pop specific stash in 1.8.3?
- What are all the escape characters?
- Uses for the ‘"’ entity in HTML
- How can I add ” character to a multi line string declaration in C#?
- Illegal Escape Character “\”
- Escape quotes in JavaScript
- Which characters need to be escaped when using Bash?
- Escape string Python for MySQL
- How is \\n and \\\n interpreted by the expanded regular expression?
- Why shouldn’t `'` be used to escape single quotes?
- What does it mean to escape a string?
- Invalid escape sequence (valid ones are \b \t \n \f \r \” \’ \\ )
- Escaping HTML strings with jQuery
- What’s the Use of ‘\r’ escape sequence?
- How do I use spaces in the Command Prompt?
- How do I escape ampersands in XML so they are rendered as entities in HTML?
- Unrecognized escape sequence for path string containing backslashes
- With “magic quotes” disabled, why does PHP/WordPress continue to auto-escape my POST data?
- What’s the difference between esc_html, esc_attr, esc_html_e, and so on?
- Should I escape wordpress functions like the_title, the_excerpt, the_content
- Best Practice for PHP
- From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
- What is the difference between esc_html filter vs attribute_escape filter?
- Escaping and sanitizing SVGs in metabox textarea
- Sanitize and data validation with apply_filters() function
- Difference between esc_url() and esc_url_raw()
- How to print translation supported text with HTML URL
- Which WP functions do you need to use esc_html() or esc_url() on?
- What’s the difference between esc_* functions?
- What to use instead of wp_kses() in user output
- How do translated, escaped strings (esc_attr) in Themes work?
- How to escape custom css?
- How to Use Wildcards in $wpdb Queries Using $wpdb->get_results & $wpdb->prepare?
- Escaping WP_Query tax_query when term has special character(s)
- Do I need to escape data passed to wp_localize_script()?
- PHP Coding Standards, Widgets and Sanitization
- how to escape wp_oembed_get for phpcs
- Should messages in WP_Error already be html escaped?
- When do I need to use esc_attr when using WordPress internal functions
- How to escape html code with html allowed
- Disable escaping html
- esc before saving or before displaying does it matter?
- Do you need to escape hard coded plain text?
- Escaping built-in WP function return strings
- Updating a post without escaping ampersands?
- How do I stop HTML entities in a custom meta box from being un-htmlentitied?
- Why should I escape translatable strings? and how shall i do that?
- esc_url not working within add_settings_field callback
- Do I need to use the esc_html() function on hard coded links?
- Prevent add_shortcode from escaping a tag
- Escape hexadecimals/rgba values
- Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?
- wp_specialchars and wp_specialchars_decode in a shortcode plugin
- Sanitizing comments or escaping comment_text()
- Must I serialize/sanitize/escape array data before using set_transient?
- I am not understandinhg $wpdb->prepare correctly
- esc_attr not working in shortcode
- meta_query works locally but not on live server
- Prevent escaping javascript in visual editor
- How do I escape a table name or column name in SQL? esc_sql doesn’t do this
- Sanitizing, Validating and Escaping in WordPress (Plugin)
- Escaping / encoding data before insert into a database?
- How Could I sanitize the receive data from this code