Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Tom J Nowell
November 01, 2015
Technology
0
720
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
980
Composer_and_WordPress__1_.pdf
tarendai
0
81
REST APIs for Absolute Beginners
tarendai
0
980
VVV 2
tarendai
0
770
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
470
WP The Right Way
tarendai
0
1k
Code Deodorant 2014
tarendai
1
730
Adv WP CLI
tarendai
0
700
WP CLI
tarendai
0
660
Other Decks in Technology
See All in Technology
SCONE - 動画配信の帯域を最適化する新プロトコル
kazuho
1
210
ニッポンの人に知ってもらいたいGISスポット
sakaik
0
180
Findy Team+ QAチーム これからのチャレンジ!
findy_eventslides
0
470
AI時代こそ求められる設計力- AWSクラウドデザインパターン3選で信頼性と拡張性を高める-
kenichirokimura
3
350
サイバーエージェント流クラウドコスト削減施策「みんなで金塊堀太郎」
kurochan
4
2.2k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
12
81k
Building a cloud native business on open source
lizrice
0
110
『バイトル』CTOが語る! AIネイティブ世代と切り拓くモノづくり組織
dip_tech
PRO
1
130
Performance Insights 廃止から Database Insights 利用へ/transition-from-performance-insights-to-database-insights
emiki
0
330
なぜAWSを活かしきれないのか?技術と組織への処方箋
nrinetcom
PRO
5
1k
20251014_Pythonを実務で徹底的に使いこなした話
ippei0923
0
220
大規模サーバーレスAPIの堅牢性・信頼性設計 〜AWSのベストプラクティスから始まる現実的制約との向き合い方〜
maimyyym
10
5k
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
Six Lessons from altMBA
skipperchong
29
4k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.6k
Designing Experiences People Love
moore
142
24k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
KATA
mclloyd
PRO
32
15k
The Language of Interfaces
destraynor
162
25k
Bash Introduction
62gerente
615
210k
jQuery: Nuts, Bolts and Bling
dougneiner
65
7.9k
The World Runs on Bad Software
bkeepers
PRO
72
11k
Embracing the Ebb and Flow
colly
88
4.9k
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com