Allowing user to control code is explicitly unsafe operation. As you note the purpose of sanitization is pretty much to not let user slip in anything executable and/or with malicious intent.
To “sanitize” executable code you would need programmatic understanding of it (code parser) and criteria engine to distinguish what is safe and what is not. For such requirements it is utopian.
Natively WordPress lets admin use JavaScript in post content. Now and then people report it as “horrible security vulnerability”, but really it’s just binary matter of trust — either you trust some user to input executable code or you don’t. There is essentially no middle ground or “but not that code” in this case.
Related Posts:
- Solutions for generating dynamic javascript / CSS
- Any alternate TinyMCE4 themes / subthemes?
- How to add material design css in wordpress and woocommerce
- What is the safe way to print tracking code / pixel code before tag or tag
- How to get javascript slider to work! [closed]
- How to escape multiple attribute at once in WordPress?
- How can I wrap all blog posts image with
- White screen when attaching css to function.php
- WordPress theme resource won’t load over VPN
- theme-independent CSS/JS files
- How to reuse parts of WordPress site e.g. header, footer, part of header for multiple WordPress sites?
- What is The Best Way to Make Parallax header effect for wordpress theme ?? pure CSS or using JavaScript? [closed]
- If necessary, how should wp_get_attachment_image() and its parameters be escaped?
- Worthwhile to restrict direct access of theme files?
- How important is it to enqueue a theme’s stylesheet?
- Enqueue a stylesheet for login page and make it appear in head element
- Generating CSS Files Dynamically Using PHP Scripts?
- Enqueue Stylesheets After Theme’s “rtl.css”
- Are the WordPress Core CSS styles really all nessesary?
- Understanding wp_add_inline_style
- Hide a div that is part of all pages on one specific page
- Why I can’t add a CSS style in this WordPress theme?
- Can’t get staging site to display same way as live site. Completely stumped
- Is it good to rename theme folder downloaded from WordPress.org?
- Editing the custom background CSS
- How to edit an existing WordPress theme? [closed]
- Escaping built-in WP function return strings
- esc_url not working within add_settings_field callback
- Modifying JS files in Child-theme
- Convert a static website to a WordPress theme and import all existing content
- Custom CSS In Uploads Folder
- Root Sage theme styles are not working!
- Modify the Additional CSS section (adding a disclaimer)
- Is it safe to enqueue a font style without putting http or https?
- How to hook CSS file according to theme selection in the customizer section
- Custom CSS without css.php file
- Media Uploader in custom path
- jQuery not available to other scripts
- Using PIE CSS in WordPress. “localizing” styles
- How to check if a WordPress core block is active in sidebar
- How to override checkbox styles if these inputs have a unique id [closed]
- WordPress Unite Theme: Footer isn’t sticking [closed]
- How to disable wordpress from overload my stylesheet styles with customizer styles
- Underscore Based Theme File Permissions in Git
- Theme Customizer not loading JS for live preview
- How can I add custom text styles to the visual text editor?
- Displaying icon image for WordPress post formats, is there a cleaner way to do this?
- Internal Stylesheet in WordPress Theme development
- My jQuery is enqueued properly. So why isn’t it working?
- Enqueued JavaScript is not working
- How to change footer or for different kinds of users in wordpress?
- Theming Using Bootstrap Glyphicons and WordPress Dashicons
- How to register and enqueue JavaScript files without breaking plugin dependencies?
- Broken theme, template is missing
- wp_enqueue_script not working?
- Having issue with WordPress wp_enqueue_style
- How do I use wp_nav_menu?
- Why would you use esc_attr() on internal functions?
- Assign custom classes to the divs inside the loop
- How to safely return the HTML?
- pass wordpress template directory into ajax url call
- Javascript development in Custom Themes
- add jquery file if a certain page is included
- Customize Option Framework
- Some doubts about WordPress handle the horizontal main menu visualization
- Can’t change theme name
- header, stylesheet not being read
- How to format the first line of a post differently?
- security concerns if using html data-* attribute for l10n?
- enqueuing external and internal js and css in wordpress did not work with owl.js animate.css
- How to create a robust and logic class naming system in WordPress theme developing?
- echo cutom css code to WordPress page template file ? is this safe?
- hide theme files for admin beneath root
- 3 Level Menu Navigation (3rd Level not displaying)
- How to enqueue scripts properly with ES6 webpack?
- register dependency css and js inside a plugin class
- How to display only the first two elements from ten same elements
- Correct form of escaping and localization – functions.php breadcrumbs
- Does any JavaScript file load automatically for index.php file?
- wp_kses allow checkbox class and checked
- How to fix an issue with customizer live preview?
- How would I get this to work – send to post from thick box
- Custom CSS no getting applied
- How can I fix the even/odd child classes comments so that the comments are unaffected by the top-level even/odd?
- editor style css and page template with and without sidebar
- Why the slideshow is not shown in my theme?
- Set start page depending on screen width [closed]
- Paginated WP_Query doesn’t return 404’s, even when posts don’t exist
- Custom link color or stylesheets
- Setting different CSS for all pages except home.php
- How to highlight current menu bar base on the URL?
- How customizable is a self-hosted WordPress blog compared to a Blogger blog?
- How can i move my product name & price from below thumbnail to be the rollover content in Avada & Woocommerce?
- WP Customizer get control value on change
- Execute javscript when theme customizer loads (autosave issue)
- Should we escape the values of constants?
- Align images to the left of the content
- WordPress search field won’t get wider
- When trying to run build script with gutenberg (with SVG import) – Error: Plugin name should be specified
- How to add group-row to InnerBlock template?