Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Let's clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET['s']; ?>
<b>Test</b>
<script>alert("hey");</script>
Search Results For: <?php echo esc_html( $_GET['s'] ); ?>
How to Escape
Sanitize Early, Escape Late, Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class="<?php echo $css; ?>" class="<?php echo esc_attr( $css ); ?>"
href="<?php echo $url; ?>" href="<?php echo esc_url( $url ); ?>"
wp_kses & wp_kses_post
echo apply_filters( 'the_content', wp_kses_post( $content ) );
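The slides above show one escaper per context; the template fragment below is an added example (not from the talk) that puts them together as "sanitize early, escape late, escape often" for the search-results page. It assumes it runs inside a loaded WordPress theme, and the `$css`, `$url` and `$html` values are constructed for illustration.

```php
<?php
/*
 * Added example (not from the talk): a search-results template fragment
 * showing "sanitize early, escape late, escape often" with WordPress's
 * own escaping helpers. Assumes WordPress is loaded (theme context).
 */

// Sanitize early: normalise the raw request value once, at the boundary.
// sanitize_text_field() strips tags and stray whitespace, but it is NOT
// an escaping function, so the value is still untrusted for output.
$term = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';

// Constructed values that each land in a different output context.
$css  = 'search-results ' . $term;                    // attribute value
$url  = add_query_arg( 's', $term, home_url( '/' ) ); // href value
$html = '<p>Result <b>' . $term . '</b></p>';          // rich content (e.g. from the DB)

// Escape late: choose the escaper for the context the value lands in.
?>
<h1>Search Results For: <?php echo esc_html( $term ); ?></h1>

<!-- attribute context: esc_attr() encodes quotes so the value cannot
     close the class="" and start a new attribute such as onmouseover -->
<div class="<?php echo esc_attr( $css ); ?>">

  <!-- URL context: esc_url() rejects unsafe schemes and encodes
       characters that would otherwise end the href early -->
  <a href="<?php echo esc_url( $url ); ?>">Permalink to this search</a>

  <!-- rich HTML context: wp_kses_post() keeps the tags a post may contain
       (<b>, <p>, <a> ...) and strips <script> and on* handlers; doing it
       at output time, not only on save, is what "escape often" means -->
  <?php echo wp_kses_post( $html ); ?>

  <!-- JavaScript string context: esc_js() for inline string literals -->
  <script>var lastSearch = '<?php echo esc_js( $term ); ?>';</script>
</div>
```

A value that is safe in one context (esc_html for body text) is not safe in another (an attribute or href), which is why the helper is chosen by where the output goes rather than by where the data came from.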
tomjn.com/escaping
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com