Escape From New York
Tom J Nowell
November 01, 2015
Technology
A talk on escaping and security in WordPress and PHP
Transcript
Escape From New York Tom J Nowell
Validation, Sanitisation, Escaping
Validation: Is this what it claims to be?
Sanitisation: Let's clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET['s']; ?>
<b>Test</b>
<script>alert("hey");</script>
Search Results For: <?php echo esc_html( $_GET['s'] ); ?>
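The two "Search Results For:" slides above, as a runnable script. This is an added example, not code from the talk: esc_html() is WordPress's function, and the stand-in defined here (a thin wrapper around htmlspecialchars()) is only an approximation so the file runs on plain PHP; the three inputs are constructed to mirror the slides.

```php
<?php
// Added example (not from the talk). esc_html() is WordPress's function;
// outside WordPress this stand-in approximates it so the script runs on plain PHP.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        // Simplified stand-in, not WordPress's implementation:
        // encode <, >, &, " and ' so the browser renders them as literal text.
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// The vulnerable slide: the search term is dropped into the HTML untouched.
function render_search_unescaped( $s ) {
    return 'Search Results For: ' . $s;
}

// The fixed slide: the same value passed through esc_html() at output time.
function render_search_escaped( $s ) {
    return 'Search Results For: ' . esc_html( $s );
}

// Constructed inputs mirroring the slides: plain text, markup, and a script tag.
$inputs = array(
    'shoes',
    '<b>Test</b>',
    '<script>alert("hey");</script>',
);

foreach ( $inputs as $s ) {
    echo "input:     {$s}\n";
    // A browser would interpret the tags in this output.
    echo "unescaped: " . render_search_unescaped( $s ) . "\n";
    // Here the tags arrive as entities and are displayed, not executed.
    echo "escaped:   " . render_search_escaped( $s ) . "\n\n";
}
```

Note that the escaping happens in the render function, at the moment the value meets HTML, rather than when $_GET['s'] is read; that is the "escape late" half of the talk's rule, and it keeps the original search term available for things like the query itself.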
How to Escape
Sanitize early. Escape late. Escape often.
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class="<?php echo $css; ?>" class="<?php echo esc_attr( $css ); ?>"
href="<?php echo $url; ?>" href="<?php echo esc_url( $url ); ?>"
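The three slides above make the point that the escaping function has to match the context the value lands in. As an added example (not from the talk), the script below renders one link whose text, class and href all come from untrusted input. esc_html(), esc_attr() and esc_url() are WordPress functions; the stand-ins here are deliberate simplifications so the file runs on plain PHP (the esc_url stand-in accepts only http/https URLs or paths starting with "/", which is narrower than WordPress's), and the hostile inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the talk). The WordPress functions are replaced by
// simplified stand-ins when the script runs outside WordPress.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        // HTML text context: encode tag and entity characters.
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        // Attribute context: quotes must be encoded so the value cannot close
        // the attribute and start a new one (e.g. an event handler).
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_url' ) ) {
    function esc_url( $url ) {
        // URL context: entity encoding alone is not enough, because a string like
        // javascript:... contains no special characters yet still runs code when
        // clicked. Stand-in rule (simpler than WordPress's): allow only http/https
        // absolute URLs or site-relative paths; anything else becomes an empty href.
        $url = trim( (string) $url );
        if ( $url === '' ) {
            return '';
        }
        if ( $url[0] !== '/' ) {
            $scheme = strtolower( (string) parse_url( $url, PHP_URL_SCHEME ) );
            if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
                return '';
            }
        }
        return htmlspecialchars( $url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// One template, three contexts, three matching escaping functions.
function render_link( $text, $css, $url ) {
    return '<a class="' . esc_attr( $css ) . '" href="' . esc_url( $url ) . '">'
        . esc_html( $text ) . '</a>';
}

// A benign call, as the template author expects it to be used.
echo render_link( 'Results', 'btn btn-primary', '/search/?s=shoes' ) . "\n";

// Constructed hostile inputs: each one is shaped to break out of the context it lands in.
$text = '<script>alert("hey");</script>'; // markup in text context
$css  = '" onmouseover="alert(1)';        // tries to close the class attribute and add a handler
$url  = 'javascript:alert(1)';            // no HTML characters at all, so esc_attr() would pass it

echo render_link( $text, $css, $url ) . "\n";
```

Run it and compare the second line of output with the first: the class attribute still contains a single, quoted string, the href is empty rather than a javascript: URL, and the script tag is displayed as text. Swapping esc_attr() for esc_url() on the href would leave the javascript: scheme intact, which is the reason the talk lists a different function per context.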
wp_kses & wp_kses_post
echo apply_filters( 'the_content', wp_kses_post( $content ) );
tomjn.com/escaping
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com