Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Tom J Nowell
November 01, 2015
Technology
0
760
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
1.1k
Composer_and_WordPress__1_.pdf
tarendai
0
92
REST APIs for Absolute Beginners
tarendai
0
1k
VVV 2
tarendai
0
810
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
510
WP The Right Way
tarendai
0
1.1k
Code Deodorant 2014
tarendai
1
760
Adv WP CLI
tarendai
0
740
WP CLI
tarendai
0
700
Other Decks in Technology
See All in Technology
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.4k
データの整合性を保ちたいだけなんだ
shoheimitani
8
3.2k
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
sansantech
PRO
2
380
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
13k
We Built for Predictability; The Workloads Didn’t Care
stahnma
0
140
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
240
Tebiki Engineering Team Deck
tebiki
0
24k
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
200
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
1k
20260208_第66回 コンピュータビジョン勉強会
keiichiito1978
0
160
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
aeonpeople
6
2.5k
Featured
See All Featured
Mind Mapping
helmedeiros
PRO
0
88
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
117
110k
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.2k
Designing for Timeless Needs
cassininazir
0
130
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.1k
The Pragmatic Product Professional
lauravandoore
37
7.1k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
Un-Boring Meetings
codingconduct
0
200
Why Our Code Smells
bkeepers
PRO
340
58k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
62
New Earth Scene 8
popppiees
1
1.5k
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com
tarendai
sansan33
shoheimitani
sansantech
stahnma
yuu551
tebiki
andrzejkrzywda
keiichiito1978
aeonpeople
helmedeiros
twada
geoffreycrofte
cassininazir
maggiecrowley
mraible
lauravandoore
raygrieselhuber
codingconduct
bkeepers
techseoconnect
popppiees
![Search Results For: <?php echo $_GET[‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_7.jpg){kind=link}
![Search Results For: <?php echo $_GET [‘s’]; ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_8.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_12.jpg){kind=link}
![Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>](https://files.speakerdeck.com/presentations/bf02941029974adcb70e3d607a2e9618/slide_13.jpg){kind=link}
