Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?

Allowing user to control code is explicitly unsafe operation. As you note the purpose of sanitization is pretty much to not let user slip in anything executable and/or with malicious intent.

To “sanitize” executable code you would need programmatic understanding of it (code parser) and criteria engine to distinguish what is safe and what is not. For such requirements it is utopian.

Natively WordPress lets admin use JavaScript in post content. Now and then people report it as “horrible security vulnerability”, but really it’s just binary matter of trust — either you trust some user to input executable code or you don’t. There is essentially no middle ground or “but not that code” in this case.

Related Posts:

  1. Solutions for generating dynamic javascript / CSS
  2. Any alternate TinyMCE4 themes / subthemes?
  3. How to add material design css in wordpress and woocommerce
  4. What is the safe way to print tracking code / pixel code before tag or tag
  5. How to get javascript slider to work! [closed]
  6. How to escape multiple attribute at once in WordPress?
  7. How can I wrap all blog posts image with
  8. White screen when attaching css to function.php
  9. WordPress theme resource won’t load over VPN
  10. theme-independent CSS/JS files
  11. How to reuse parts of WordPress site e.g. header, footer, part of header for multiple WordPress sites?
  12. What is The Best Way to Make Parallax header effect for wordpress theme ?? pure CSS or using JavaScript? [closed]
  13. How to define and link full path to css located at a random folder on header.php
  14. What is the preferred way to add custom javascript files to the site?
  15. How to add custom css file in theme?
  16. CSS not updating in browser when I change it
  17. Do I actually need to link my theme’s style.css in the theme files
  18. CSS classes for theme
  19. Should `get_template_directory_uri()` be escaped?
  20. Splitting WordPress theme CSS into multiple files, good or bad?
  21. How to sanitize select box values in post meta?
  22. Google Maps not displaying in wordpress using Google Maps Javascript API
  23. When to use esc_url, esc_html, esc_attr, and friends?
  24. Suggestions for creative use of post format feature, or themes that use them well
  25. Add class to before_widget for all widgets with a dropdown and a counter
  26. What is the best practice for customizing a plugin’s JavaScript/jQuery?
  27. Add a preview to a WordPress Control Panel
  28. use add_action(‘wp_head’) in a widget for generating dynamic CSS styles
  29. How to Change CSS Variable value in Theme Customizer Live Preview
  30. CSS in child theme not overriding the parent theme [closed]
  31. How to add (css) classes to only one wp_nav_menu()?
  32. Adding dashicon fonts to the admin of pre 3.8 installs
  33. How to keep theme layout the same when admin gray bar is present?
  34. wp_head() not inserting the default stylesheet style.css
  35. Writing Clean WooCommerce Styles
  36. De-registering parent style sheet css recommended?
  37. WordPress Customizer Control with React
  38. Alterntives to BEM syntax that comply with WordPress coding standards? [closed]
  39. WordPress 5.8 update problem custom theme styles are overridden by core styles common.min.css
  40. WordPress default theme css units
  41. Where is definied the theme location for the main menu in a WordPress template?
  42. How to correctly add JQuery in a WP theme?
  43. current-menu-item class not working
  44. enqueue_style is not working
  45. Weekly background code not working
  46. How do the default themes reference style.css?
  47. JavaScript Change focus to password field login page being reset
  48. Is it possible to edit the styling of the admin panel from within a custom theme?
  49. Using esc_url with a hard coded url
  50. What are the Entry classes for?
  51. Single page site with history.js
  52. How to edit my theme for full width?
  53. How to add styles set by user in the customizer
  54. Use second time navigation.js in underscores [closed]
  55. How remove render blocking css from wordpress when you build a theme?
  56. How to: JQuery multiple wordpress media uploader buttons in the same options page?
  57. Following Web Performance Optimization techniques to output static and dynamic css
  58. Displaying icon image for WordPress post formats, is there a cleaner way to do this?
  59. Internal Stylesheet in WordPress Theme development
  60. Redirect to another page using contact form 7? [closed]
  61. My jQuery is enqueued properly. So why isn’t it working?
  62. How to rotate every letter in a title
  63. Theming Using Bootstrap Glyphicons and WordPress Dashicons
  64. Broken theme, template is missing
  65. wp_enqueue_script not working?
  66. Having issue with WordPress wp_enqueue_style
  67. Why would you use esc_attr() on internal functions?
  68. How to safely return the HTML?
  69. pass wordpress template directory into ajax url call
  70. Do I need to escape get_the_post_thumbnail function?
  71. Javascript development in Custom Themes
  72. CSS preprocessor file messed up after compiled
  73. add jquery file if a certain page is included
  74. Customize Option Framework
  75. Some doubts about WordPress handle the horizontal main menu visualization
  76. Can’t change theme name
  77. How to format the first line of a post differently?
  78. security concerns if using html data-* attribute for l10n?
  79. enqueuing external and internal js and css in wordpress did not work with owl.js animate.css
  80. How to create a robust and logic class naming system in WordPress theme developing?
  81. echo cutom css code to WordPress page template file ? is this safe?
  82. 3 Level Menu Navigation (3rd Level not displaying)
  83. How to enqueue scripts properly with ES6 webpack?
  84. register dependency css and js inside a plugin class
  85. Correct form of escaping and localization – functions.php breadcrumbs
  86. wp_kses allow checkbox class and checked
  87. How to fix an issue with customizer live preview?
  88. How would I get this to work – send to post from thick box
  89. Custom CSS no getting applied
  90. editor style css and page template with and without sidebar
  91. Why the slideshow is not shown in my theme?
  92. Theme customizer live preview JS- Trying to bind to an html image url without luck
  93. Set start page depending on screen width [closed]
  94. wp_deregister_script was called incorrectly
  95. Custom link color or stylesheets
  96. How to highlight current menu bar base on the URL?
  97. How can i move my product name & price from below thumbnail to be the rollover content in Avada & Woocommerce?
  98. Should we escape the values of constants?
  99. WordPress search field won’t get wider
  100. When trying to run build script with gutenberg (with SVG import) – Error: Plugin name should be specified
techhipbettruvabetnorabahisbahis forumueduedueduedusedusedusedueduseduedus