Sanitizing output that contains quotes?

Another solution would be to put the style directly in the header, and
only put the escaped values in, which would solve the double quote
issue, but in the case that no styling has been set I’m left with an
empty style in my element, and that also seems kinda unnecessary.

You could e.g. check out wp_add_inline_style and only add the style if there exists a non empty CSS theme settings value.

Related Posts:

  1. Should I sanitize an email address before passing it to the is_email() function?
  2. Escaping and sanitizing SVGs in metabox textarea
  3. What is the difference between wp_strip_all_tags and wp_filter_nohtml_kses?
  4. Reason for Lowercase usernames
  5. What is the best way to sanitize data?
  6. Should nonce be sanitized?
  7. esc_url removes white space. Can I change that to using ‘-‘?
  8. WP Coding standards – escaping the inescapable?
  9. Sanitatizing when using the posts_where hook
  10. Escape hexadecimals/rgba values
  11. Must I serialize/sanitize/escape array data before using set_transient?
  12. Echo JavaScript Safely
  13. wp_kses ignore allowed and allow everything
  14. Sanitize array callback for the WordPress Settings API
  15. How to escape $_GET and check if isset?
  16. What’s a safe / good way to output HTML safely within WordPress templates?
  17. Do Not Understand → Rule No. 4: Making Data Safe Is About Context [closed]
  18. WP_Customize_Manager: How to get control ID
  19. How to use wp_filter_oembed_result?
  20. Sanitization html output itself
  21. Post text sanitization after publishing/editing – changes are not saved
  22. wp_set_object_terms() without accents
  23. Escaping data from database (users table) is necessary?
  24. Properly sanitize an input field “Name “
  25. Is sanitize_title enough to generate post slugs?
  26. Data sanitization: Best Practices with code examples
  27. When to use esc_html and when to use sanitize_text_field?
  28. How to safely sanitize a textarea which takes full HTML input
  29. Sanitize and data validation with apply_filters() function
  30. Custom page with variables in url. Nice url with add_rewrite_rule
  31. is_email() VS sanitize_email()
  32. Settings API – sanitizing urls, email addresses and text
  33. Sanitation needed for WP_Query or get_posts calls?
  34. Escaping WP_Query tax_query when term has special character(s)
  35. How to allow HTML tags into WP Bakery (formerly Visual Composer) `textfield` parameter
  36. Can I create customizer setting that can handle plugin shortcode?
  37. Does WordPress sanitize arguments to WP_Query?
  38. Make shortcode work with nested double quotes
  39. Shortcode putting html such as
  40. How to properly sanitize strings without $wpdb->prepare?
  41. Default WordPress settings API data sanitization
  42. How do I sanitize a javascript text?
  43. Importing JSON feed should the content be sanitized?
  44. Is there an equivalent of the PHP function sanitize_key in Gutenberg?
  45. How to display data from custom table in wordpress database?
  46. array_map() for sanitizing $_POST
  47. Correct processing of `$_POST`, following WordPress Coding Standards
  48. How does WordPress store data?
  49. Sanitizing search data for use with WP_Query
  50. why is esc_html() returning nothing given a string containing a high-bit character?
  51. Sanitizing comments or escaping comment_text()
  52. How to sanitize post meta field value?
  53. Data Validation: Always escape late / escape HTML Code
  54. Filter string like a slug
  55. Default WordPress taxonomy (Tag) – How to add a custom field to form and save it to the database
  56. Sanitizing, Validating and Escaping in WordPress (Plugin)
  57. Change filename during upload
  58. Settings API – sanitize_callback is not called and it leads to an incorrect behavior
  59. Why does wp_redirect strip out %0A (url encoded new line character) and how do I make it stop?
  60. Best Practice for Validating and Sanitizing Data
  61. Storing HTML in wp_options
  62. Is it necessary to sanitize wp_set_password user input?
  63. Preserve old values on error in setting API
  64. Can i use the same sanitize function on multiple theme mod textboxes?
  65. Sanitize Disqus API results?
  66. Data sanitization for user registration and user login
  67. Copy content stored in meta to post content
  68. remove_accents does not seem to work (when used inside sanitize_file_name filter)
  69. Customizer: Category Select Sanitize
  70. Prevent invalid or empty values from being saved to the database and retain the form field values upon error
  71. data (html) migration to posts
  72. What is the safe way to print tracking code / pixel code before tag or tag
  73. Change wp_sanitize function?
  74. Do we have to santise html passing into Javascript ? How?
  75. Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
  76. What’s the proper way to sanitize checkbox value sent to the database
  77. How to escape html generate by a loop
  78. Trouble creating custom sanitization function for user list dropdown
  79. Output Sanitation
  80. Invalidate username if it contains @ symbol
  81. Contact Form Security
  82. How to allow certain PHP functions when using sanitize_callback in the word press customizer
  83. Display the line breaks in user bio without using html
  84. Change user nicename without sanitize
  85. Sanitize $_GET variable when comparing
  86. HTML in category name
  87. How can I apply custom sanitization to new usernames?
  88. How do I sanitize the str_replace function in javascript variables
  89. Sanitizing textarea for wp_insert_post with TinyMCE enabled or disabled
  90. Safely store code(html/js..) into database
  91. Sanitaizing Select Optin For Custom Post Type Metabox in WP
  92. settings api and the data passed in the parameter
  93. HTML Img with data:image src gets sanitized in admin?
  94. Do I need to sanitize $_POST[‘keyword’] before send to ‘s’ parameter?
  95. Where is the HTML-handler part in the wpdb class?
  96. I need to get the control choices to sanitize_callback
  97. Can we validate data from jquery
  98. Custom-Metaboxes-and-Fields text_url field prepending http://
  99. Data validation for inline javascript
  100. Extend file format support for post thumbnails