Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Tom J Nowell
November 01, 2015
Technology
0
660
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
850
Composer_and_WordPress__1_.pdf
tarendai
0
68
REST APIs for Absolute Beginners
tarendai
0
900
VVV 2
tarendai
0
680
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
420
WP The Right Way
tarendai
0
1k
Code Deodorant 2014
tarendai
1
670
Adv WP CLI
tarendai
0
650
WP CLI
tarendai
0
590
Other Decks in Technology
See All in Technology
.NET AspireでAzure Functionsやクラウドリソースを統合する
tsubakimoto_s
0
190
Docker Desktop で Docker を始めよう
zembutsu
PRO
0
180
2024AWSで個人的にアツかったアップデート
nagisa53
1
110
2024年活動報告会(人材育成推進WG・ビジネスサブWG) / 20250114-OIDF-J-EduWG-BizSWG
oidfj
0
230
商品レコメンドでのexplicit negative feedbackの活用
alpicola
2
370
生成AI × 旅行 LLMを活用した旅行プラン生成・チャットボット
kominet_ava
0
160
AWSの生成AIサービス Amazon Bedrock入門!(2025年1月版)
minorun365
PRO
7
470
My small contributions - Fujiwara Tech Conference 2025
ijin
0
1.5k
0→1事業こそPMは営業すべし / pmconf #落選お披露目 / PM should do sales in zero to one
roki_n_
PRO
1
1.5k
Amazon Route 53, 待ちに待った TLSAレコードのサポート開始
kenichinakamura
0
170
デジタルアイデンティティ人材育成推進ワーキンググループ 翻訳サブワーキンググループ 活動報告 / 20250114-OIDF-J-EduWG-TranslationSWG
oidfj
0
540
Visual StudioとかIDE関連小ネタ話
kosmosebi
1
380
Featured
See All Featured
Statistics for Hackers
jakevdp
797
220k
Fireside Chat
paigeccino
34
3.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Docker and Python
trallard
43
3.2k
Scaling GitHub
holman
459
140k
Git: the NoSQL Database
bkeepers
PRO
427
64k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.2k
The Language of Interfaces
destraynor
155
24k
Site-Speed That Sticks
csswizardry
3
270
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.6k
Faster Mobile Websites
deanohume
305
30k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
500
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com