Adding inline JavaScript encoding issue

1) For escaping content of textarea you should use esc_textarea and not esc_attr.

2) You should not escape things when storing them in the DB, escaping should be done only at output time. (I assume that you can find an edge case in which it might be needed, but as a general rule, just don’t do it).

3) Asking users to insert JS code is very user hostile. In addition to the obvious security problem that might arise a general type of breakage is almost un avoidable… think someone doing $ = 'dollar';. It doesn’t help that if you go that way you have no way to sanitize anything and have to serve it raw.

Related Posts:

  1. Trigger Javascript on Gutenberg (Block Editor) Save
  2. Does javascript have an equivalent to PHP’s preg_replace_callback?
  3. WordPress problem with htmlentities
  4. esc_js() breaks unicode sequences by removing the slash ‘\’ character
  5. How to set javascript options for select2 in PHP array of plugin
  6. how to prevent added meta box from being injected with style=”position: fixed; top: 56px;” at scroll down
  7. How are cookie values encoded?
  8. How to Create a Repeatable Meta Box
  9. What does “javascript:void(0)” mean?
  10. For-each over an array in JavaScript
  11. Cannot read property ‘push’ of undefined when combining arrays
  12. How can I remove a specific item from an array?
  13. require is not defined? Node.js
  14. Getting Error “Form submission canceled because the form is not connected”
  15. How to implement navbar using react
  16. function updateMap for Google Maps API
  17. Loop inside React JSX
  18. Encode URL in JavaScript?
  19. JavaScript null check
  20. JavaScript “Uncaught TypeError: object is not a function” associativity question
  21. npm – EPERM: operation not permitted on Windows
  22. Module not found can’t resolve
  23. How can I get file extensions with JavaScript?
  24. How to detect Safari, Chrome, IE, Firefox and Opera browser?
  25. What does on() in JavaScript do?
  26. AngularJS : Factory and Service?
  27. Javascript Uncaught TypeError : .split is not a function
  28. Uncaught TypeError: Cannot read property ‘msie’ of undefined
  29. How to hide a div with jQuery?v
  30. How do I pass variables and data from PHP to JavaScript?
  31. How do I set/unset a cookie with jQuery?
  32. Calling onclick on a radiobutton list using javascript
  33. How to properly export an ES6 class in Node 4?
  34. DOMException: Failed to load because no supported source was found
  35. Counting the occurrences / frequency of array elements
  36. how to download file in react js
  37. TypeError: $(…).DataTable is not a function
  38. Trying to use fetch and pass in mode: no-cors
  39. Moment.js transform to date object
  40. jQuery explode string like PHP
  41. Call Javascript function from URL/address bar
  42. Anagrams finder in javascript
  43. How to validate a credit card number
  44. TypeError: res.status is not a function
  45. What is define([ , function ]) in JavaScript?
  46. Setting and getting localStorage with jQuery
  47. How to subtract days from a plain Date?
  48. Stopping a JavaScript function when a certain condition is met
  49. Showing an image from an array of images – Javascript
  50. AngularJS errors: Blocked loading resource from url not allowed by $sceDelegate policy
  51. How to use z-index in svg elements?
  52. How do you completely remove Ionic and Cordova installation from mac?
  53. What is the best way to detect a mobile device?
  54. How to filter JSON Data in JavaScript or jQuery?
  55. What’s the best way to reload / refresh an iframe?
  56. How do I check if a cookie exists?
  57. Get querystring from URL using jQuery [duplicate]
  58. Check if string contains only digits
  59. JS: iterating over result of getElementsByClassName using Array.forEach
  60. jQuery checkbox change and click event
  61. Error: listen EACCES 0.0.0.0:80 OSx Node.js
  62. jQuery selectors on custom data attributes using HTML5
  63. How to check if a value is not null and not empty string in JS
  64. How do I refresh a DIV content?
  65. TypeError: abc.getAttribute is not a function
  66. JavaScript single line ‘if’ statement – best syntax, this alternative?
  67. jquery to validate phone number
  68. Closing Bootstrap modal onclick
  69. window.location() not working, not opening page
  70. How to clear the canvas for redrawing
  71. What’s a Good Javascript Time Picker?
  72. JavaScript event window.onload not triggered
  73. Default text on input
  74. Pass custom fields values to Google Maps
  75. Gutenberg Modify core taxonomy panel element via wp.hooks.addFilter
  76. What is “open()” in MediaUpload?
  77. update_option in javascript
  78. What’s the handle for media.js?
  79. Script will not print in head if path to file is correct
  80. How can I add Block Style support to the core HTML block in Gutenberg?
  81. How to add comment on scripts using function in wordpress?
  82. Is there a way to check for an attribute of a script when using script_loader_tag?
  83. Jquery function working in Chrome Console but not in the code [closed]
  84. Gutenberg: Block validation Failed Richtext undefined
  85. Multiple media uploader buttons target only one input on the same page
  86. How to open the add media dialogue it in a certain state / tab?
  87. Removing auto versioning of JS and loading to header
  88. How WP does Mortgage affordability calculation
  89. Putting custom html/js page into Elementor as it’s own block
  90. Drag-to-Scroll Landingpage
  91. Easiest way to find JS conflicts
  92. Update block once an API request returns with a value
  93. XMLHttpRequest of admin data to public
  94. How do I add a class to Customizer preview based on class of Customizer control? (Customizer Javascript API)
  95. WordPress 4.2 mce-views migration guide?
  96. Loaded JavaScript file not showing [duplicate]
  97. PHP or JS for header image rotator?
  98. Passing object to FormTokenField suggestions
  99. How to Update a variable even if the web page reloads in js
  100. How do i get an Inline style in Gutenberg Block show up in front end?