Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Tom J Nowell
November 01, 2015
Technology
0
760
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
1.1k
Composer_and_WordPress__1_.pdf
tarendai
0
92
REST APIs for Absolute Beginners
tarendai
0
1k
VVV 2
tarendai
0
810
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
510
WP The Right Way
tarendai
0
1.1k
Code Deodorant 2014
tarendai
1
760
Adv WP CLI
tarendai
0
740
WP CLI
tarendai
0
700
Other Decks in Technology
See All in Technology
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.4k
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
sansantech
PRO
3
1.5k
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
140
20260208_第66回 コンピュータビジョン勉強会
keiichiito1978
0
170
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
330
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
130
Webhook best practices for rock solid and resilient deployments
glaforge
2
300
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
daitak
1
370
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
240
22nd ACRi Webinar - NTT Kawahara-san's slide
nao_sumikawa
0
100
【Oracle Cloud ウェビナー】[Oracle AI Database + AWS] Oracle Database@AWSで広がるクラウドの新たな選択肢とAI時代のデータ戦略
oracle4engineer
PRO
2
170
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
slsops
2
260
Featured
See All Featured
A designer walks into a library…
pauljervisheath
210
24k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
83
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.2k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
320
Odyssey Design
rkendrick25
PRO
1
500
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
0
440
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
830
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com
SiteGround - Reliable hosting with speed, security, and support you can count on.
tarendai
sansan33
sansantech
stahnma
keiichiito1978
shift_evolve
maaaato
glaforge
daitak
aeonpeople
nao_sumikawa
oracle4engineer
slsops
pauljervisheath
kimpetersen
signer
lfama
lauravandoore
marktimemedia
rkendrick25
smashingmag
honzajavorek
addyosmani
tammyeverts
sstephenson
![Search Results For: <?php echo $_GET[‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_7.jpg){kind=link}
![Search Results For: <?php echo $_GET [‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_8.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_12.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_13.jpg){kind=link}
