Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?

Allowing user to control code is explicitly unsafe operation. As you note the purpose of sanitization is pretty much to not let user slip in anything executable and/or with malicious intent.

To “sanitize” executable code you would need programmatic understanding of it (code parser) and criteria engine to distinguish what is safe and what is not. For such requirements it is utopian.

Natively WordPress lets admin use JavaScript in post content. Now and then people report it as “horrible security vulnerability”, but really it’s just binary matter of trust — either you trust some user to input executable code or you don’t. There is essentially no middle ground or “but not that code” in this case.

Related Posts:

  1. Solutions for generating dynamic javascript / CSS
  2. Any alternate TinyMCE4 themes / subthemes?
  3. How to add material design css in wordpress and woocommerce
  4. What is the safe way to print tracking code / pixel code before tag or tag
  5. How to get javascript slider to work! [closed]
  6. How to escape multiple attribute at once in WordPress?
  7. How can I wrap all blog posts image with
  8. White screen when attaching css to function.php
  9. WordPress theme resource won’t load over VPN
  10. theme-independent CSS/JS files
  11. How to reuse parts of WordPress site e.g. header, footer, part of header for multiple WordPress sites?
  12. What is The Best Way to Make Parallax header effect for wordpress theme ?? pure CSS or using JavaScript? [closed]
  13. If necessary, how should wp_get_attachment_image() and its parameters be escaped?
  14. How to assess whether a WP core (or other) function is escaped already or not?
  15. jQuery not available to other scripts
  16. Using esc_url with a hard coded url
  17. How to make Isotope and WordPress work together?
  18. Theme Loading Into Dashboard
  19. What are the Entry classes for?
  20. Single page site with history.js
  21. Using PIE CSS in WordPress. “localizing” styles
  22. How to edit my theme for full width?
  23. How to check if a WordPress core block is active in sidebar
  24. Which html elements should be styled in wordpress theme
  25. How to override checkbox styles if these inputs have a unique id [closed]
  26. How to add styles set by user in the customizer
  27. Use second time navigation.js in underscores [closed]
  28. Font Awesome 5 Free – far working but fas is not? [closed]
  29. Theme Javascript.php Overwritten Nightly [closed]
  30. How remove render blocking css from wordpress when you build a theme?
  31. Why doesn’t my css work when I check my theme on mobile devices? [closed]
  32. How to: JQuery multiple wordpress media uploader buttons in the same options page?
  33. WordPress Unite Theme: Footer isn’t sticking [closed]
  34. Following Web Performance Optimization techniques to output static and dynamic css
  35. How to disable wordpress from overload my stylesheet styles with customizer styles
  36. Underscore Based Theme File Permissions in Git
  37. Theme Customizer not loading JS for live preview
  38. correct tags for validating input types
  39. How can I add custom text styles to the visual text editor?
  40. Displaying icon image for WordPress post formats, is there a cleaner way to do this?
  41. What is the meaning of WordPress’s recommended css classes and where are they applied?
  42. Internal Stylesheet in WordPress Theme development
  43. Combining CSS files into a single cached one
  44. Redirect to another page using contact form 7? [closed]
  45. How to i style the elements from the TinyMCE
  46. Using page-id-{ID} from body_class() in local dev, versus live staging
  47. My jQuery is enqueued properly. So why isn’t it working?
  48. Enqueued JavaScript is not working
  49. How to change footer or for different kinds of users in wordpress?
  50. How do I remove inline style in featured image markup?
  51. different way to achive stylesheet_url
  52. How do I use a color from theme options?
  53. Custom image size vs CSS sizing
  54. How to escape html generate by a loop
  55. Why is my CSS not loading?
  56. How to rotate every letter in a title
  57. Ideal inline dynamic CSS injection
  58. Theming Using Bootstrap Glyphicons and WordPress Dashicons
  59. How to register and enqueue JavaScript files without breaking plugin dependencies?
  60. Broken theme, template is missing
  61. wp_enqueue_script not working?
  62. JQuery undefined and Stylesheet loads in bottom along with js files
  63. Having issue with WordPress wp_enqueue_style
  64. Contact Form Security
  65. How do I use wp_nav_menu?
  66. Why would you use esc_attr() on internal functions?
  67. Is there any solution, ide/tool etc., for automatic escaping for WordPress?
  68. theme style is applied on the dhasboard rather than the website
  69. Assign custom classes to the divs inside the loop
  70. SVG in list-style-image breaks when adding fill
  71. How to safely return the HTML?
  72. pass wordpress template directory into ajax url call
  73. Do I need to escape get_the_post_thumbnail function?
  74. How to style bootstrap container in wordpress theme?
  75. CSS added through customizer neglects the need of a child theme?
  76. How to override template files in parent theme?
  77. Javascript development in Custom Themes
  78. LESS not working in WordPress [closed]
  79. Place title (in correct place) above image with opaque background [closed]
  80. A post with a clear:both in its css destroy the theme design, and the sidebar is moved to the bottom
  81. multiple html/css files for wordpress theme?
  82. CSS preprocessor file messed up after compiled
  83. add jquery file if a certain page is included
  84. Customize Option Framework
  85. Why I obtain different visualization when I run the website on my local machine and on remote server?
  86. Some doubts about WordPress handle the horizontal main menu visualization
  87. How to create a WP theme that use BootStrap? [closed]
  88. Can’t change theme name
  89. my single.php is mixup on some post for no reason
  90. How to use the _S framework
  91. header, stylesheet not being read
  92. Tiny MCE custom styles, and preview in the backend
  93. How to format the first line of a post differently?
  94. .current_page_ancestor broken in Twenty Eleven
  95. security concerns if using html data-* attribute for l10n?
  96. enqueuing external and internal js and css in wordpress did not work with owl.js animate.css
  97. WordPress Animation Adjustments
  98. Is there a list of default generated Gutenberg block CSS? Unable to align video blocks
  99. getBoundingClientRect() showing different values on load vs scroll
  100. style variations hurt the editing performance
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)