Custom JavaScript Integration

Injected Scripts Overview BulklyCart includes a Custom JavaScript utility designed for merchants and developers who need to inject third-party integrations—s...

Injected Scripts Overview

BulklyCart includes a Custom JavaScript utility designed for merchants and developers who need to inject third-party integrations—such as Google Analytics tracking codes, Meta Pixel pixels, custom css styling scripts, or live chat widgets—directly into the wholesale portal without editing main Shopify liquid files.

Scripts are loaded dynamically inside the wholesale buyer interface, keeping your retail store code clean and separate.

Navigating to Custom Javascript Settings

  1. Open BulklyCart in your Shopify admin.
  2. Go to Portal Pages in the left sidebar menu.
  3. Scroll to the Custom Javascript Block card and click Open Custom Javascript.

Adding a Custom Script

  1. Click Add Script in the top right corner.
  2. Enter a descriptive Name (e.g., "Google Analytics 4" or "Customer Chat Widget").
  3. Select the script Placement location:
  • Head: Injected inside the <head> element. Best for analytics base tags, meta tags, and web font loaders.
  • Body Start: Injected immediately after the opening <body> tag. Best for fallback tracking iframe noscript pixels.
  • Body End: Injected right before the closing </body> tag. Best for interactive widgets, chat windows, and scripts that should load after page layout rendering.
  1. Paste your code block inside the Code field.
  2. Provide optional Internal Notes to document the purpose of the script for your team.
  3. Click Save.

Security & Code Sanitization

To ensure security and prevent site crashes, BulklyCart applies strict rules to all custom code blocks:

[!WARNING] > PHP Tags Prohibited: The code field is validated on the server. If your script contains PHP tags (<?php, <?=, etc.), the submission will be rejected. This is to prevent arbitrary backend code execution.
  • Null Byte Removal: The application automatically sanitizes scripts by removing any null bytes (\x00) to prevent injection exploits.
  • JS & HTML Validation: Ensure your script is wrapped in appropriate HTML tags (like <script> or <style>) if you are inserting tags. Plain text will be injected directly as is.

Managing Active Scripts

The main Custom Javascript screen lists all your saved scripts. From this view, you can:

  • Edit: Modify the name, code, placement, or notes of a script.
  • Delete: Click Delete and confirm to permanently remove the script from the portal. The script is instantly removed from the portal template.