Stay organized with collections
Save and categorize content based on your preferences.
Sandboxed JavaScript is a simplified subset of the JavaScript language that
provides a safe way to execute arbitrary JavaScript logic from Google Tag
Manager's custom templates. To provide a safe execution environment, some
features of JavaScript are restricted or removed. Sandboxed JavaScript is based
on ECMAScript 5.1. Some ECMAScript 6 features such as arrow functions and
const/let declarations are available.
Global execution environment
Sandboxed JavaScript is not executed in the standard global execution
environment like normal JavaScript, so the window object and its properties
are not available. This includes methods defined in the global scope like
encodeURI or setTimeout, global values like location or document, and
global values defined by loaded scripts. In place of these, a global require
function is available to all sandboxed JavaScript that provides many of these
functions. Values can be read from the window with the
copyFromWindow utility.
Simplified type system
Sandboxed JavaScript supports the following types: null, undefined,
string, number, boolean, array, object, and function. Arrays and
objects are created using the literal syntax ( [] {} ), and because there's no
access to the standard global execution environment, global constructors like
String() and Number() aren't available. There is no new keyword in
sandboxed JavaScript, and functions do not have access to the this keyword.
Some native type methods have also been removed. See standard library for an
exhaustive list of supported native type methods.
Custom template code format
The code written to implement a custom template represents the body of a
function that will be executed whenever your tag is fired or your variable is
evaluated. This function has a single data parameter (data) that holds all the
values configured in the UI for that tag or variable instance, with the keys set
to the names of the template parameters specified in the custom template.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-09 UTC."],[[["\u003cp\u003eSandboxed JavaScript in Google Tag Manager offers a secure environment to execute custom code with limited features for safety.\u003c/p\u003e\n"],["\u003cp\u003eIt utilizes a simplified type system and lacks access to the standard JavaScript global execution environment, relying on a \u003ccode\u003erequire\u003c/code\u003e function for functionalities like \u003ccode\u003eencodeURI\u003c/code\u003e or \u003ccode\u003esetTimeout\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eCustom template code acts as a function executed upon tag firing or variable evaluation, receiving configured data through a \u003ccode\u003edata\u003c/code\u003e parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe provided sample demonstrates building a beacon tag using \u003ccode\u003erequire\u003c/code\u003e for functionalities and accessing configuration data via \u003ccode\u003edata\u003c/code\u003e.\u003c/p\u003e\n"]]],["Sandboxed JavaScript, used in Google Tag Manager's custom templates, provides a safe execution environment with restricted features. It uses a simplified type system and lacks the standard `window` object, instead relying on a `require` function for globals. It supports basic types and literal array/object creation. Template code represents a function body with a `data` parameter containing UI-configured values. Code example uses functions `sendPixel`, `encodeUri`, `encodeUriComponent` for building a URL and appending cache buster parameter, then send the pixel with `sendPixel`.\n"],null,["Sandboxed JavaScript is a simplified subset of the JavaScript language that\nprovides a safe way to execute arbitrary JavaScript logic from Google Tag\nManager's custom templates. To provide a safe execution environment, some\nfeatures of JavaScript are restricted or removed. Sandboxed JavaScript is based\non ECMAScript 5.1. Some ECMAScript 6 features such as arrow functions and\n`const`/`let` declarations are available.\n\nGlobal execution environment\n\nSandboxed JavaScript is not executed in the standard global execution\nenvironment like normal JavaScript, so the `window` object and its properties\nare not available. This includes methods defined in the global scope like\n`encodeURI` or `setTimeout`, global values like `location` or `document`, and\nglobal values defined by loaded scripts. In place of these, a global `require`\nfunction is available to all sandboxed JavaScript that provides many of these\nfunctions. Values can be read from the window with the\n[`copyFromWindow`](/tag-platform/tag-manager/templates/api#copyfromwindow) utility.\n| **Note:** `copyFromWindow` creates a deep copy of the values, and it can be an expensive operation to pass those values into and out of the sandbox.\n\nSimplified type system\n\nSandboxed JavaScript supports the following types: `null`, `undefined`,\n`string`, `number`, `boolean`, `array`, `object`, and `function`. Arrays and\nobjects are created using the literal syntax ( `[] {}` ), and because there's no\naccess to the standard global execution environment, global constructors like\n`String()` and `Number()` aren't available. There is no `new` keyword in\nsandboxed JavaScript, and functions do not have access to the `this` keyword.\nSome native type methods have also been removed. See [standard library](/tag-platform/tag-manager/templates/standard-library) for an\nexhaustive list of supported native type methods.\n\nCustom template code format\n\nThe code written to implement a custom template represents the body of a\nfunction that will be executed whenever your tag is fired or your variable is\nevaluated. This function has a single data parameter (`data`) that holds all the\nvalues configured in the UI for that tag or variable instance, with the keys set\nto the names of the template parameters specified in the custom template.\n\nSample beacon tag implementation \n\n const sendPixel = require('sendPixel');\n const encodeUri = require('encodeUri');\n const encodeUriComponent = require('encodeUriComponent');\n\n let url = encodeUri(data['url']);\n\n if (data['useCacheBuster']) {\n const encode = require('encodeUriComponent');\n const cacheBusterQueryParam = data['cacheBusterQueryParam'] || 'gtmcb';\n const last = url.charAt(url.length - 1);\n let delimiter = '&';\n if (url.indexOf('?') \u003c 0) {\n delimiter = '?';\n } else if (last == '?' || last == '&') {\n delimiter = '';\n }\n url += delimiter +\n encodeUriComponent(cacheBusterQueryParam) + '=' + encodeUriComponent(data['randomNumber']);\n }\n sendPixel(url, data['gtmOnSuccess'], data['gtmOnFailure']);"]]