Sanitizing output that contains quotes?

Another solution would be to put the style directly in the header, and
only put the escaped values in, which would solve the double quote
issue, but in the case that no styling has been set I’m left with an
empty style in my element, and that also seems kinda unnecessary.

You could e.g. check out wp_add_inline_style and only add the style if there exists a non empty CSS theme settings value.

Related Posts:

  1. Should I sanitize an email address before passing it to the is_email() function?
  2. Escaping and sanitizing SVGs in metabox textarea
  3. What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
  4. Reason for Lowercase usernames
  5. What is the best way to sanitize data?
  6. Should nonce be sanitized?
  7. esc_url removes white space. Can I change that to using ‘-‘?
  8. WP Coding standards – escaping the inescapable?
  9. Sanitatizing when using the posts_where hook
  10. Escape hexadecimals/rgba values
  11. Must I serialize/sanitize/escape array data before using set_transient?
  12. Echo JavaScript Safely
  13. wp_kses ignore allowed and allow everything
  14. Sanitize array callback for the WordPress Settings API
  15. How to escape $_GET and check if isset?
  16. What’s a safe / good way to output HTML safely within WordPress templates?
  17. Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
  18. WP_Customize_Manager: How to get control ID
  19. How to use wp_filter_oembed_result?
  20. Sanitization html output itself
  21. Post text sanitization after publishing/editing – changes are not saved
  22. wp_set_object_terms() without accents
  23. Escaping data from database (users table) is necessary?
  24. Properly sanitize an input field “Name “
  25. What is the proper way to sanitize $_POST and $_GET vars?
  26. Why is sanitize_text_field() selectively trimming data?
  27. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  28. wordpress sanitize array?
  29. Should HTML output be passed through esc_html() AND wp_kses()?
  30. Sanitize content from wp_editor
  31. What’s the difference between esc_* functions?
  32. Sanitizing integer input for update_post_meta
  33. Sanitize User Entered CSS
  34. Which KSES should be used and when?
  35. Is sanitize_text_field() is enough to save to DB?
  36. How to sanitize select box values in post meta?
  37. WP doesn’t show Array Custom Fields?
  38. how to sanitize checkbox input?
  39. Sanitizing post content for use in an email
  40. How to get input_attrs in the sanitize function?
  41. What is the difference between sanitize_text_field() and wp_filter_nohtml_kses()?
  42. Sanitizing `wp_editor();` Values for Database, Edit, and Display
  43. I’m confused about URL sanitization in meta boxes
  44. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  45. where to apply “apply filters” and other Sanitization Functions
  46. How to save html and text in the database?
  47. Multiple register settings, with same option name – issue
  48. Is default functions like update_post_meta safe to use user inputs?
  49. Sanitize textarea instead of input
  50. vs WordPress Security
  51. Cannot get ‘sanitize_callback’ to work for rest parameters
  52. How to sanitize user input?
  53. How to sanitize my cookie name
  54. Do We Need to Validate, Sanitize, or Filter Simple Numerical Superglobals (Cookies and Post)?
  55. wpdb get_results() and prepare when to use prepare?
  56. WordPress Settings API – Sanitize Integer
  57. WP_Editor – Saving Value into Plugin Option – Stripping HTML
  58. CSS from textarea in options page to frontend what to do
  59. How to get rid of shortcodes in post content once and for all
  60. Is it sensible to worry about sanitizing admin input in plugin custom CSS?
  61. How to use sanitize_callback?
  62. Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break
  63. Are all hooks/functions tied to Kses meant for sanitization?
  64. sanitize_text_field and apostrophe problem
  65. Getting error to display radio button value in General Settings page
  66. What data sanitzation function should be used to store entire source code of webpage?
  67. What functions does WordPress use for filtering / sanitizing comments?
  68. wordpress is adding a second backslash when I use addslashes
  69. WordPress messes up with data attributes in shortcode output
  70. textarea field is getting escaped for some unknown reason
  71. Do we need to escape data that we receive from theme options?
  72. Input sanitation
  73. Sanitize user input fields before wp_insert_post
  74. How WordPress sanitizes post content on save? Or it doesn’t?
  75. Function sanitize_title() does not appear to be working
  76. Restrict characters in comment section
  77. Toggle Shortcode Sanitize Title
  78. How to use checked() function with multiple check box group? How to properly sanitize that checkbox group?
  79. How to allow arbitrary inline CSS in posts?
  80. how to sanitize customizer checkbox control
  81. Trouble matching strings (titles) using wp_query
  82. Sanitize WordPress Array Input?
  83. How to save Checkbox-Options in Plugin Options Page
  84. Customizer textarea with script tag won’t work in live preview
  85. do I need to sanitize a shortcode’s function input?
  86. Data not displaying in text field
  87. Array/List Edit in Backend
  88. Escaping and sanitization
  89. Escaping WP_Query tax_query when term has special character(s)
  90. Proper Way to Sanitize Meta Input
  91. Comparing pre-saved post_title to post-saved post_title
  92. Save selectlist value (taxonomy) in wp:wp_set_object_terms
  93. Settings api sanatize callback not being triggered
  94. Auto post with filling templates from external data and update periodical
  95. Notice: Undefined index: in options-framework.php
  96. Sanitizing a custom query’s clauses
  97. Customizer sanitize_callback for input type number
  98. How to use esc_attr__() function properly to translate a variable that contains string?
  99. How can I properly sanitize the update_option in WordPress?
  100. Extend file format support for post thumbnails