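--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -1654,8 +1654,9 @@ function sanitize_html_class( $class, $fallback = '' ) {
 //Strip out any % encoded octets
 $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
 
-//Limit to A-Z,a-z,0-9,_,-
-$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
+//Remove meaningful CSS characters
+$pattern = '/[\\\\#%&\',-\/:;<=>@`~\^\$\.\!\[\]\|\{\}\(\)\?\*\+"\s]/';
+$sanitized = preg_replace( $pattern, '', $sanitized );
 
 if ( '' == $sanitized && $fallback ) {
 return sanitize_html_class( $fallback );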
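Review bot: In the new `$pattern`, the sequence `,-\/` inside the character class is parsed by PCRE as a range from `,` to `/`, so it also strips `-`, which the removed allowlist kept and which is common in class names such as `menu-item`. If the hyphen is meant to survive, list the neighbours individually, e.g. `\',\/:;` in place of `\',-\/:;` (the `.` is already covered by the later `\.`). Separately, moving from an allowlist to a denylist means every byte not named now passes through, including control characters and non-ASCII or malformed UTF-8 bytes, so any caller that prints the result into an attribute depends on this list being complete. A comment stating that intent, plus test cases for `-`, a NUL byte and multibyte input, would make the change reviewable. The body of sanitize_html_class continues outside the hunk.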