Slide 1

Slide 1 text

Escape From New York - Tom J Nowell

Slide 2

Slide 2 text

Validation, Sanitisation, Escaping

Slide 3

Slide 3 text

Validation: Is this what it claims to be?

Slide 4

Slide 4 text

Sanitisation: Let's clean up this input

Slide 5

Slide 5 text

Escaping: Making output safe

Slide 6

Slide 6 text

WordPress.com VIP, VIP Wrangler - @tarendai

Slide 7

Slide 7 text

'; DROP TABLE votes'
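The payload on this slide only works when untrusted input is pasted into the query text. The following is an added example, not code from the slides, and it assumes it runs inside WordPress with the global $wpdb; the votes table, its choice column and the fixed set of vote values are assumptions for illustration.

```php
<?php
// Added example, not from the original slides. Assumes WordPress is loaded
// (global $wpdb). The `votes` table, its `choice` column and the allowed vote
// values are assumptions for illustration.

global $wpdb;

// Constructed attacker input: the payload from the slide. It closes the quoted
// string early and appends a second statement.
$payload = "'; DROP TABLE votes'";

// VULNERABLE: untrusted input concatenated into the query text. With $payload
// the WHERE clause becomes  choice = ''; DROP TABLE votes''  and the attacker
// now controls the SQL, whatever the database does with the trailing statement.
function demo_count_votes_bad( $choice ) {
    global $wpdb;
    $sql = "SELECT COUNT(*) FROM {$wpdb->prefix}votes WHERE choice = '" . $choice . "'";
    return $wpdb->get_var( $sql );
}

// FIXED: $wpdb->prepare() quotes and escapes the value for the %s placeholder,
// so the payload is compared as a literal string and never parsed as SQL.
// Only values can be placeholders; the table name stays in the query text.
function demo_count_votes_good( $choice ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}votes WHERE choice = %s",
        $choice
    );
    return $wpdb->get_var( $sql );
}

// VALIDATION on the way in: if a vote can only be one of a few known values,
// refuse anything else before it goes anywhere near the database.
function demo_validate_choice( $choice ) {
    $allowed = array( 'yes', 'no', 'abstain' );
    return in_array( $choice, $allowed, true ) ? $choice : null;
}

$choice = demo_validate_choice( $payload );
if ( null === $choice ) {
    wp_die( 'Invalid vote.' ); // the payload stops here
}
echo demo_count_votes_good( $choice );
```

Validation rejects the payload outright; prepare() is the safety net for values that are legitimately free-form and cannot be checked against a list.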

Slide 8

Slide 8 text

Search Results For:

Slide 9

Slide 9 text

Search Results For:

Slide 10

Slide 10 text

Test

Slide 11

Slide 11 text

Test

Slide 12

Slide 12 text

alert("hey");

Slide 13

Slide 13 text

Search Results For:

Slide 14

Slide 14 text

Search Results For:
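The search-results slides show a reflected XSS: the search term is printed back into the page, so a term containing a script tag runs in the visitor's browser. This is an added example, not code from the slides, assuming a WordPress theme template; the two heading functions are assumed names for illustration.

```php
<?php
// Added example, not from the original slides. Assumes WordPress is loaded
// (esc_html() is the real WordPress helper). Function names are assumptions.

// Constructed attacker request, equivalent to  /?s=<script>alert("hey");</script>
$raw_term = '<script>alert("hey");</script>';

// VULNERABLE: the raw term is placed straight into the markup, so the browser
// parses the injected <script> element and runs it on every visitor who
// follows the link.
function demo_search_heading_bad( $term ) {
    return '<h1>Search Results For: ' . $term . '</h1>';
}

// FIXED: esc_html() converts < > & " ' to HTML entities, so the term is
// rendered as visible text and the browser never sees a tag.
function demo_search_heading_good( $term ) {
    return '<h1>Search Results For: ' . esc_html( $term ) . '</h1>';
}

echo demo_search_heading_good( $raw_term );

// In a real template, get_search_query() already escapes its return value
// by default, which is why themes that use it are not bitten by this.
```

Stripping tags from the term on the way in would also defuse this particular payload, but it would not help a value that breaks out of an attribute instead, which is why the fix belongs at the output.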

Slide 15

Slide 15 text

How to Escape

Slide 16

Slide 16 text

Sanitize Early, Escape Late, Escape Often

Slide 17

Slide 17 text

No Data is Safe

Slide 18

Slide 18 text

Slide 19

Slide 19 text

Escape Everything..?

Slide 20

Slide 20 text

echo $var; echo esc_html( $var );

Slide 21

Slide 21 text

class="" class=""

Slide 22

Slide 22 text

href="" href=""
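Slides 16 and 20 to 22 together make one point: clean a value once when it is stored, then escape it every time it is printed, with an escaper that matches where it lands (text, attribute or URL). The following is an added example, not code from the slides, assuming WordPress is loaded; the option name demo_profile, the field names and the helper functions are assumptions for illustration.

```php
<?php
// Added example, not from the original slides. Assumes WordPress is loaded.
// The option `demo_profile`, its fields and the demo_* functions are assumptions.

// SANITIZE EARLY: clean the submitted profile once, at the point it enters
// storage. register_setting() runs the callback before the value is saved.
function demo_sanitize_profile( $input ) {
    return array(
        'name'    => sanitize_text_field( $input['name'] ?? '' ), // strips tags, stray whitespace
        'website' => esc_url_raw( $input['website'] ?? '' ),      // clean URL for storage, no entities
    );
}
register_setting( 'demo', 'demo_profile', array(
    'type'              => 'array',
    'sanitize_callback' => 'demo_sanitize_profile',
) );

// ESCAPE LATE, ESCAPE OFTEN: one stored string, three output contexts, three
// escapers. esc_html() alone is not enough for an attribute or a URL.
function demo_render_profile( $profile ) {
    $name    = $profile['name'];
    $website = $profile['website'];

    // Text node: entities for < > & " '
    $html  = '<p>Hello, ' . esc_html( $name ) . '</p>';
    // Attribute value: quotes must be encoded so the value cannot close the
    // attribute and add a new one.
    $html .= '<input type="text" name="demo_profile[name]" value="' . esc_attr( $name ) . '">';
    // href: esc_url() only passes schemes in wp_allowed_protocols(), so a
    // javascript: URL is rejected rather than merely entity-encoded.
    $html .= '<a href="' . esc_url( $website ) . '">Homepage</a>';
    return $html;
}

// Constructed input that survives sanitisation: no tags, so sanitize_text_field()
// leaves the quotes and the event handler alone. Only esc_attr() at output
// time stops it from becoming a live onmouseover attribute.
$submitted = array(
    'name'    => '" onmouseover="alert(1)',
    'website' => 'javascript:alert(1)',
);
$stored = demo_sanitize_profile( $submitted );
echo demo_render_profile( $stored );
```

The constructed name shows why "sanitised" is not the same as "safe to print": the value is clean enough to store, but which characters are dangerous depends entirely on the context it is printed into.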

Slide 23

Slide 23 text

wp_kses & wp_kses_post

Slide 24

Slide 24 text

echo apply_filters( 'the_content', wp_kses_post( $content ) );
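When the output has to keep some HTML, escaping it all is not an option; wp_kses_post() and wp_kses() filter the markup against an allow-list of tags, attributes and URL schemes instead. This is an added example, not code from the slides, assuming WordPress is loaded; the untrusted $content string is constructed for illustration and the helper function is an assumed name.

```php
<?php
// Added example, not from the original slides. Assumes WordPress is loaded.
// $content is constructed untrusted HTML (e.g. a front-end submission).

$content = '<p>Nice <strong>post</strong>!</p>'
         . '<script>alert("hey");</script>'
         . '<a href="javascript:alert(1)" onclick="alert(2)">click</a>';

// wp_kses_post(): keeps the tags and attributes allowed in post content
// (the same list the editor permits) and drops <script>, the onclick handler
// and the javascript: URL. Run kses BEFORE the_content filters, so shortcodes,
// wpautop and embeds operate on already-cleaned markup.
$clean = wp_kses_post( $content );
echo apply_filters( 'the_content', $clean );

// wp_kses() with an explicit allow-list for a field that should only ever hold
// simple inline formatting. Attributes are allow-listed per tag, so even an
// allowed <a> cannot carry onclick, and href is still checked against the
// allowed protocols.
function demo_clean_inline_html( $html ) {
    $allowed = array(
        'strong' => array(),
        'em'     => array(),
        'a'      => array(
            'href'  => true,
            'title' => true,
        ),
    );
    return wp_kses( $html, $allowed );
}
echo demo_clean_inline_html( $content );
```

kses is comparatively expensive, which is another reason to follow the earlier slide and run it once on the way into storage for data you control; use it at output time for data that arrives untrusted.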

Slide 25

Slide 25 text

tomjn.com/escaping

Slide 26

Slide 26 text

WordPress.com VIP, VIP Wrangler - @tarendai

Slide 27

Slide 27 text

automattic.com/work-with-us/vip-wrangler/

Slide 28

Slide 28 text

Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com