Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Tom J Nowell
November 01, 2015
Technology
0
730
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
1k
Composer_and_WordPress__1_.pdf
tarendai
0
84
REST APIs for Absolute Beginners
tarendai
0
980
VVV 2
tarendai
0
780
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
490
WP The Right Way
tarendai
0
1k
Code Deodorant 2014
tarendai
1
730
Adv WP CLI
tarendai
0
720
WP CLI
tarendai
0
670
Other Decks in Technology
See All in Technology
【AWS reInvent 2025 関西組 事前勉強会】re:Inventの“感動と興奮”を思い出してモチベ爆上げしたいです
ttelltte
0
130
Copilotの精度を上げる!カスタムプロンプト入門.pdf
ismk
10
3.2k
日々のSlackアラート確認運用をCustom Chat Modesで楽にした話 / 日々のSlackアラート確認運用をCustom Chat Modesで楽にした話
imamotohikaru
0
330
「データ無い! 腹立つ! 推論する!」から 「データ無い! 腹立つ! データを作る」へ チームでデータを作り、育てられるようにするまで / How can we create, use, and maintain data ourselves?
moznion
3
850
Digitization部 紹介資料
sansan33
PRO
1
5.9k
Amazon ECS デプロイツール ecspresso の開発を支える「正しい抽象化」の探求 / YAPC::Fukuoka 2025
fujiwara3
6
580
仕様駆動 x Codex で 超効率開発
ismk
2
1.3k
QAエンジニアがプロダクト専任で チームの中に入ると。。。?/登壇資料(杉森 太樹)
hacobu
PRO
0
180
バグと向き合い、仕組みで防ぐ
____rina____
0
240
The Twin Mandate of Observability
charity
1
1.3k
開発者が知っておきたい複雑さの正体/where-the-complexity-comes-from
hanhan1978
6
2.4k
マウントとるやつ、リリースするやつ
otsuki
1
110
Featured
See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
The Cost Of JavaScript in 2023
addyosmani
55
9.2k
Visualization
eitanlees
150
16k
Stop Working from a Prison Cell
hatefulcrawdad
272
21k
Scaling GitHub
holman
463
140k
A better future with KSS
kneath
239
18k
Unsuck your backbone
ammeep
671
58k
Site-Speed That Sticks
csswizardry
13
960
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
127
54k
Rails Girls Zürich Keynote
gr2m
95
14k
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com
tarendai
ttelltte
ismk
imamotohikaru
moznion
sansan33
fujiwara3
hacobu
____rina____
charity
hanhan1978
otsuki
sonatard
aleyda
samlambert
addyosmani
eitanlees
hatefulcrawdad
holman
kneath
ammeep
csswizardry
aki_iinuma
gr2m
![Search Results For: <?php echo $_GET[‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_7.jpg){kind=link}
![Search Results For: <?php echo $_GET [‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_8.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_12.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_13.jpg){kind=link}
