diff --git a/includes/class-give-donate-form.php b/includes/class-give-donate-form.php
index 1193dea4d3..829fb777cc 100644
--- a/includes/class-give-donate-form.php
+++ b/includes/class-give-donate-form.php
@@ -838,6 +838,11 @@ public function get_form_classes( $args ) {
 // Remove empty class names.
 $form_classes_array = array_filter( $form_classes_array );
+ /**
+ * @unreleased sanitize attributes
+ */
+ $form_classes_array = array_map('esc_attr', $form_classes_array);
+
 return implode( ' ', $form_classes_array );
 }
@@ -885,6 +890,11 @@ public function get_form_wrap_classes( $args ) {
 */
 $form_wrap_classes_array = (array) apply_filters( 'give_form_wrap_classes', $custom_class, $this->ID, $args );
+ /**
+ * @unreleased sanitize attributes
+ */
+ $form_wrap_classes_array = array_map('esc_attr', $form_wrap_classes_array);
+
 return implode( ' ', $form_wrap_classes_array );
 }
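Review bot: The added `array_map('esc_attr', ...)` in get_form_classes() and, identically, in get_form_wrap_classes() only entity-encodes each value, so the joined string is safe solely inside a quoted `class="..."` attribute and still accepts any character sequence as a class token; the places that print these strings are outside both hunks, so that quoting should be confirmed. Since every element is meant to be a class name, an allow-list is the tighter control, e.g. `$form_classes_array = array_map( 'sanitize_html_class', $form_classes_array );` (same for `$form_wrap_classes_array`), provided no element carries several space-separated classes, which that function would merge into one. In the second hunk the array comes from `(array) apply_filters( 'give_form_wrap_classes', ... )`, so entries are not guaranteed to be strings and a non-scalar one is handed to the callback unchanged. The docblock would read more accurately as `// Escape each class name for use in an HTML attribute.`, because `esc_attr` escapes rather than sanitizes, and the call should follow the file's spacing, `array_map( 'esc_attr', $form_classes_array )`.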