Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Tom J Nowell
November 01, 2015
Technology
800
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
1.2k
Composer_and_WordPress__1_.pdf
tarendai
0
96
REST APIs for Absolute Beginners
tarendai
0
1k
VVV 2
tarendai
0
870
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
560
WP The Right Way
tarendai
0
1.1k
Code Deodorant 2014
tarendai
1
810
Adv WP CLI
tarendai
0
780
WP CLI
tarendai
0
740
Other Decks in Technology
See All in Technology
GitHub Copilot運用のリアル ~AI Credit時代にどう向き合うか~
takafumisu2uk1
0
470
自分が詳しくない領域でAIを使う #プロヒス2026
konifar
20
7.8k
はてなのサービス基盤を支える Kubernetes《足腰》
masayoshimaezawa
0
150
iOS アプリの「これって不具合ですか?」を AI に調べてもらう
miichan
0
150
アラート調査向けAIエージェントの本番導入とその後/AI Agents for Alert Investigation: Production Deployment and After
taddy_919
1
240
AIをフル活用してオンコール機能のプロトタイプを2日で作った話 / Building an AI-Powered On-Call Prototype in Just Two Days
nari_ex
0
140
事業会社における 機械学習・推薦システム技術の活用事例と必要な能力 / ml-recsys-in-layerx-wantedly-2026
yuya4
0
160
スタートアップにAmazon EKSは早すぎる? マルチプロダクト戦略を加速する Platform Engineeringの実践 / Is Amazon EKS Too Soon for Startups? Practical Platform Engineering to Accelerate a Multi-Product Strategy
elmodev09
1
1.9k
10年間のブログ発信を振り返って見えたWebアプリケーションエンジニアとしての軌跡
stefafafan
0
190
AIチャット検索改善の3週間
kworkdev
PRO
2
190
IaC コードを資産へ:AWS CDK 社内ライブラリと横断展開 / aws-summit-japan-2026
gotok365
10
1.6k
When Platform Engineering Meets GenAI
sucitw
0
200
Featured
See All Featured
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
120k
GitHub's CSS Performance
jonrohan
1033
470k
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
72
40k
Rails Girls Zürich Keynote
gr2m
96
14k
Done Done
chrislema
186
16k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
170
Test your architecture with Archunit
thirion
1
2.3k
Typedesign – Prime Four
hannesfritz
42
3.1k
Context Engineering - Making Every Token Count
addyosmani
9
980
Navigating Weather and Climate Data
rabernat
0
240
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com