Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Let's clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET['s']; ?>
<b>Test</b>
<script>alert("hey");</script>
Search Results For: <?php echo esc_html( $_GET['s'] ); ?>
How to Escape
Sanitize Early, Escape Late, Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class="<?php echo $css; ?>" class="<?php echo esc_attr( $css ); ?>"
href="<?php echo $url; ?>" href="<?php echo esc_url( $url ); ?>"
wp_kses & wp_kses_post
echo apply_filters( 'the_content', wp_kses_post( $content ) );
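The three output contexts on the slides (HTML text, attribute value, URL) each need a different escaper. The following is an added example, not code from the talk, written in plain PHP so it runs without WordPress: the `example_esc_*` functions are stand-ins for `esc_html()`, `esc_attr()` and `esc_url()`, and the input values are constructed to mirror the payloads shown above.

```php
<?php
// Added example: context-specific escaping at output time, without WordPress.
// example_esc_* are this example's own wrappers; the WordPress equivalent is
// named in each comment. Allowed URL schemes here are a deliberately short
// list (WordPress's own list is longer).

// Stand-in for esc_html(): text placed between HTML tags.
function example_esc_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Stand-in for esc_attr(): a value inside a quoted HTML attribute. The same
// encoding as the HTML context, but note the quote characters must be covered
// (ENT_QUOTES), otherwise input can close the attribute and add a new one.
function example_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Stand-in for esc_url(): reject disallowed schemes (javascript:, data:, ...)
// outright, then escape for the attribute context it is about to be echoed into.
function example_esc_url(string $url): string {
    $allowed = ['http', 'https', 'mailto'];   // assumption: short allowlist
    $url     = trim($url);
    $scheme  = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return '';                            // unparsable URL: drop it
    }
    if ($scheme !== null && !in_array(strtolower($scheme), $allowed, true)) {
        return '';                            // scheme not on the allowlist
    }
    return example_esc_attr($url);           // scheme-less or relative URLs pass
}

// Constructed inputs standing in for $_GET['s'], a CSS class, and a stored URL.
$search = '<script>alert("hey");</script>';
$css    = 'red" onclick="alert(1)';
$url    = 'javascript:alert(1)';

// Before (the raw echo from the slides): the script tag reaches the browser.
// echo 'Search Results For: ' . $search;

// After: escape late, with the function that matches the output context.
echo 'Search Results For: ' . example_esc_html($search) . "\n";
echo '<div class="' . example_esc_attr($css) . '"></div>' . "\n";
echo '<a href="' . example_esc_url($url) . '">link</a>' . "\n";
```

The first line renders the search term as literal text, the second keeps the injected `onclick` inside the quoted class value, and the third emits an empty `href` because the scheme was rejected.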
tomjn.com/escaping
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com