How to output Adsense code in wordpress theme Safely!!

wordpress

#1

Hi Guys,
1. I need help in correctly or safely outputting user-entered Adsense/ads code from the options panel to the front end in themes.
2. Is it necessary to avoid inline javascript in the backend in the options panel also?
Any help will be much appreciated.


#2

If you want to safely output javascript, you need to use esc_js( $code ), as that will escape anything bad that might be injected into the code.


#3

Hi Gareth,
Thanks for the quick reply, but that is a safe way of entering data in variables; it will strip out the Adsense code and make it unusable.


#4

No, it shouldn’t; it will only escape good javascript. esc_js is a sanitization for removing bad code. WordPress has a lot of esc_ functions to strip out bad code.


#5

This is what is outputted when using esc_js

<script type=‘text/javascript’>\n var googletag = googletag || {};\n googletag.cmd = googletag.cmd || [];\n (function() {\n var gads = document.createElement(‘script’);\n gads.async = true;\n gads.type = ‘text/javascript’;\n var useSSL = ‘https:’ == document.location.protocol;\n gads.src = (useSSL ? ‘https:’ : ‘http:’) +\n ‘//www.googletagservices.com/tag/js/gpt.js’;\n var node = document.getElementsByTagName(‘script’)[0];\n node.parentNode.insertBefore(gads, node);\n })();\n</script>\n


#6

It’s changing line breaks to /n, so remove them all beforehand and see if that fixes it…

If esc_js doesn’t work then look at esc_attr; have a look at all the sanitization classes in WP.


#7

Escaping will not work Gareth, I want to know how authors who have recently approved themes circumvent the problem.
Thank you for helping.
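
Added example, not part of the thread and not code from any of the posters: one pattern for a theme option that holds ad markup is to decide at save time who may store raw script markup (the `unfiltered_html` capability), print the stored value unchanged, and keep `esc_js()` for single values placed inside a JavaScript string. The `mytheme_*` function names, the option name and the settings group are hypothetical.

```php
<?php
// Added example. 'mytheme_options', 'mytheme_ad_code' and every mytheme_*
// function name are hypothetical, chosen only for this illustration.

// Register the option with a sanitize callback that runs on every save.
add_action( 'admin_init', 'mytheme_register_ad_setting' );
function mytheme_register_ad_setting() {
	register_setting(
		'mytheme_options',
		'mytheme_ad_code',
		array(
			'type'              => 'string',
			'sanitize_callback' => 'mytheme_sanitize_ad_code',
			'default'           => '',
		)
	);
}

// Only users who already hold 'unfiltered_html' (administrators and editors
// on a single site by default, super admins only on multisite) may store raw
// <script> markup. For everyone else the value is reduced to post-safe HTML,
// which strips the <script> tags so the code cannot execute.
function mytheme_sanitize_ad_code( $value ) {
	$value = (string) $value;
	if ( current_user_can( 'unfiltered_html' ) ) {
		return $value;
	}
	return wp_kses_post( $value );
}

// Front end: the stored block is printed unchanged. The trust decision was
// made at save time; escaping here is what turns the tag into inert text.
function mytheme_render_ad_slot() {
	$code = get_option( 'mytheme_ad_code', '' );
	if ( '' === $code ) {
		return;
	}
	echo "<div class=\"mytheme-ad\">\n" . $code . "\n</div>\n";
}

// esc_js() fits a different context: one value inside a JS string literal.
function mytheme_print_slot_label( $label ) {
	echo "<script>var mythemeSlotLabel = '" . esc_js( $label ) . "';</script>\n";
}
```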