Escape later when getting post and body classes
|Reported by:||mfields||Owned by:|
Both get_body_class() and get_post_class() provide filters that allow plugins and themes to add custom values to the list. These filters are applied after the values in the $classes array have been filtered through esc_attr(). I think that it would be best to move the escaping after the filter has fired.
esc_attr() was first added to get_body_class() and get_post_class() in