While the class name (used to construct the $id_base when it is missing) and field name are controlled from the class itself, the use of get_field_name() and get_field_id() should still be escaped (esc_attr()) as you would when inserting any other PHP value into markup attribute value.
While the class name (used to construct the
$id_base
when it is missing) and field name are controlled from the class itself, the use ofget_field_name()
andget_field_id()
should still be escaped (esc_attr()
) as you would when inserting any other PHP value into markup attribute value.