While the class name (used to construct the $id_base when it is missing) and field name are controlled from the class itself, the use of get_field_name() and get_field_id() should still be escaped (esc_attr()) as you would when inserting any other PHP value into markup attribute value.
While the class name (used to construct the
$id_basewhen it is missing) and field name are controlled from the class itself, the use ofget_field_name()andget_field_id()should still be escaped (esc_attr()) as you would when inserting any other PHP value into markup attribute value.