From 413c1188190d5b72bca5ea9f0a13add90beb0f43 Mon Sep 17 00:00:00 2001
From: Javier Godoy <11554739+javier-godoy@users.noreply.github.com>
Date: Mon, 2 Mar 2026 15:21:48 -0300
Subject: [PATCH] fix: sanitize CSS classnames

---
 .../flowingcode/vaadin/addons/demo/TabbedDemo.java    | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/flowingcode/vaadin/addons/demo/TabbedDemo.java b/src/main/java/com/flowingcode/vaadin/addons/demo/TabbedDemo.java
index 2aee7e1..ddf9353 100644
--- a/src/main/java/com/flowingcode/vaadin/addons/demo/TabbedDemo.java
+++ b/src/main/java/com/flowingcode/vaadin/addons/demo/TabbedDemo.java
@@ -202,13 +202,16 @@ public void showRouterLayoutContent(HasElement content) {
     }
 
     Optional.ofNullable(demo.getClass().getAnnotation(Route.class))
-    .map(route -> route.value().replaceFirst("^/+", ""))
+    .map(route -> route.value().replaceFirst("^/+", "").replaceFirst("^[0-9]", "_$0"))
     .filter(Predicate.not(String::isEmpty)).ifPresent(route -> {
         StringBuilder prefix = new StringBuilder();
           for (String segment : route.split("/+")) {
-            prefix.append(segment);
-            demo.addClassName(prefix.toString());
-            prefix.append('-');
+            segment = segment.replaceAll("[^a-zA-Z0-9_-]+", "-").replaceAll("^-+|-+$", "");
+            if (!segment.isEmpty()) {
+              prefix.append(segment);
+              demo.addClassName(prefix.toString());
+              prefix.append('-');
+            }
         }
     });