What is the safe way to print tracking code / pixel code before tag or tag

It sounds like you’re trying to implement a general purpose field for users to enter any kind of tracking code/JS into. This approach gives users the most flexibility but it means that you are trusting them to put whatever JavaScript that they want into the header and footer. By default, users need the administrator or super admin roles to edit theme options, so as long as your admins are trusted, this should be okay. WordPress will add slashes to the option values when they are saved, so use stripslashes() on the output.

Another approach would be to have a specific field for each script that you’d like to output. Have the user enter their ID/identifier/or whatever piece of unique information is required for a particular snippet. Then in your output function, concatenate and escape (using esc_js()) the user entered value into the boilerplate JS snippet. This is pretty rigid, but it would give you tight control over what the user is able to add to the site.

Related Posts:

  1. How to sanitize select box values in post meta?
  2. Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?
  3. How to escape html generate by a loop
  4. How to escape multiple attribute at once in WordPress?
  5. Contact Form Security
  6. Worthwhile to restrict direct access of theme files?
  7. Why is wp_head() creating a top margin at the top of my theme header?
  8. Should `get_template_directory_uri()` be escaped?
  9. What’s the difference between esc_* functions?
  10. Caching and Versioning for rtl.css
  11. What is the difference between esc_html and wp_filter_nohtml_kses?
  12. How to escape custom css?
  13. Can I create customizer setting that can handle plugin shortcode?
  14. Is it good to rename theme folder downloaded from WordPress.org?
  15. How to control initial wp_head() output?
  16. When to use esc_url, esc_html, esc_attr, and friends?
  17. How can I get wp_head() as a string instead of echoing it?
  18. Worthwhile to restrict direct access of theme files?
  19. Where i should not use if (!defined(‘ABSPATH’)) { exit; }?
  20. Escaping built-in WP function return strings
  21. What is the difference between strip_tags and wp_filter_nohtml_kses?
  22. use add_action(‘wp_head’) in a widget for generating dynamic CSS styles
  23. esc_url not working within add_settings_field callback
  24. wp_head() not inserting the default stylesheet style.css
  25. Sanitizing comments or escaping comment_text()
  26. Is it safe to enqueue a font style without putting http or https?
  27. How Could I sanitize the receive data from this code
  28. Why wp_head() function not loading style.css?
  29. Using esc_url with a hard coded url
  30. Underscore Based Theme File Permissions in Git
  31. How to modify default controls in WordPress theme customizer
  32. correct tags for validating input types
  33. Do we need to escape data that we receive from theme options?
  34. How to allow certain PHP functions when using sanitize_callback in the word press customizer
  35. Why would you use esc_attr() on internal functions?
  36. Is there any solution, ide/tool etc., for automatic escaping for WordPress?
  37. How to safely return the HTML?
  38. Do I need to escape get_the_post_thumbnail function?
  39. How to use Canonical URL meta tag to avoid duplicate content issues with WP home pages
  40. Strict Folder and File Permissions for WordPress Themes Folder
  41. hide theme files for admin beneath root
  42. Data Validation & Sanitization for Big HTML Blocks
  43. Correct form of escaping and localization – functions.php breadcrumbs
  44. wp_kses allow checkbox class and checked
  45. Trouble creating custom sanitization function when uploading video files
  46. How to output wp_enqueue_style() in HTML head instead of footer
  47. How to use esc_attr__() function properly to translate a variable that contains string?
  48. Is there a way to prevent wp_head from outputting self-closing tags?
  49. esc_url, esc_url_raw or sanitize_url?
  50. Should we escape the values of constants?
  51. how to sanitizing $_POST with the correct way?
  52. How to create .pot files with POedit?
  53. How do I get the theme URL in PHP?
  54. Why when I submit a form in wordpress it loads a 404 page though URL is correct
  55. What is the constant WP_USE_THEMES for?
  56. Any alternate TinyMCE4 themes / subthemes?
  57. add_editor_style not working
  58. How can I include a post in a theme?
  59. Custom CSS In Uploads Folder
  60. How to write .htaccess dynamically? [closed]
  61. Adding wp_enqueue_media(); causes problem
  62. A guide or tool for inserting bootstrap in underscores theme? [closed]
  63. What is the correct way to do a mobile theme for WordPress?
  64. What is the right way to make custom main page?
  65. .sub-menu or .children?
  66. Script only partially runs on theme activation, but runs fully on deactivation?
  67. How to echo category_description() without stripping out html tags?
  68. Stylesheet not linking
  69. How to control layout of posts on page?
  70. Custom metabox for custom page template
  71. Primary navigation menu & footer not showing in category / tag page
  72. create category on theme setup
  73. Exclude read more in the_excerpt [closed]
  74. Is accessing theme and using customizer GPL distribution?
  75. Comment status shows ‘closed’ in db, but it shows ‘open’ when i echo it
  76. I used single quote to design HTML of my WordPress blog. Now site redirects to index.php everytime than page.php or single.php
  77. WordPress HTML5 Gallery Support – Convert HTML4 -> HTML5
  78. Issue On Displaying Pages with Post Name Permalink
  79. Where do you add code in custom fuctions so it works on a specific page?
  80. WordPress: Allowed Memory Size Exhausted – After Moving from Dev to Live [closed]
  81. What exactly is “wordpress theming”? [closed]
  82. GrandParent ,Parent, Child issue
  83. Unable to add widgets to sidebars in custom theme
  84. View list of all attachments on site
  85. How do I display a greyed out next_post_link when there is no next post
  86. What is the difference between Twenty eleven & roots framework?
  87. Woocommerce AJAX filters option loading spiner – problem on mobile device
  88. How to Modify WP_Includes/blocks/latest_posts.php
  89. Adding popup support to the theme
  90. Page For Specific Posts
  91. How to reduce the vertical space above and below a ul list uniformly with one command?
  92. How can I show a custom WordPress menu anywhere I want on my website?
  93. How to know and change the machine name of a menu?
  94. How does mediaelement.js work in WordPress?
  95. Images use & location, on new wordpress theme
  96. WordPress Theme Developments – Start from another theme
  97. Access meta box checked value in another file
  98. Slider should be display in home template [closed]
  99. How does offset works on pagination? (get_results)
  100. How to Create a Multi Purpose Theme?