$30 off During Our Annual Pro Sale. View Details »

Escape From New York

Tom J Nowell
November 01, 2015
Technology
0
590

Escape From New York

A talk on escaping and security in WordPress and PHP

Tom J Nowell

November 01, 2015
Tweet

More Decks by Tom J Nowell

See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
660
Composer_and_WordPress__1_.pdf
tarendai
0
61
REST APIs for Absolute Beginners
tarendai
0
700
VVV 2
tarendai
0
480
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
280
WP The Right Way
tarendai
0
920
Code Deodorant 2014
tarendai
1
590
Adv WP CLI
tarendai
0
570
WP CLI
tarendai
0
440

Other Decks in Technology

See All in Technology
開発チーム横断タスクフォース 「Goサブ会」の 運用事例と今後の展望
stefafafan
0
130
VRの世界でLTしていく (LT) - NIFTY Tech Day 2023
niftycorp
0
120
2023 Digital Accessibility Legal Update – Part One
3playmarketing
0
110
pmconf 2023 プロダクトと事業を無限にスケールするための最強のロードマップの作り方 / The Greatest Roadmap for Unlimited Scaling your Business and Products
yamamuteki
17
9.9k
CTO of the year 2023ピッチ資料(オーディエンス賞)チューリングCTO青木
aoshun7
0
740
go-ldap Contribution
kazamori
0
120
トヨタの社内コミュニティについて色々聞いちゃおう ~たった4年の奇跡の軌跡~
taichinakamura
0
700
Micro Frontends for Java Microservices - SF JUG 2023
mraible
PRO
1
230
更新”しない”ドキュメント管理 「イミュータブルドキュメントモデル」の実運用
kosui
11
1.6k
生成AIでシステム開発はどう変わるか
etaroid
19
7.9k
徹底解説!Power Platform 導入の成功事例から見る DX 推進のコツ / Tips for DX promotion from Power Platform case studies
karamem0
0
610
LINE WORKS 最新メジャーアップデート(v3.8)勉強会
lwug
0
160

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
342
19k
How to name files
jennybc
59
87k
Making the Leap to Tech Lead
cromwellryan
120
8.2k
Code Reviewing Like a Champion
maltzj
511
38k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
17
1.4k
Side Projects
sachag
450
39k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
Infographics Made Easy
chrislema
236
17k
Fireside Chat
paigeccino
18
2.3k
Optimising Largest Contentful Paint
csswizardry
7
2k
Rails Girls Zürich Keynote
gr2m
90
12k
The Brand Is Dead. Long Live the Brand.
mthomps
48
7.5k

Transcript

  1. Escape From New York
    Tom J Nowell

    View Slide

  2. Validation
    Sanitisation
    Escaping

    View Slide

  3. Validation:
    Is this what it claims to be?

    View Slide

  4. Sanitisation:
    Lets clean up this input

    View Slide

  5. Escaping:
    Making output safe

    View Slide

  6. WordPress.com VIP
    VIP Wrangler - @tarendai

    View Slide

  7. '; DROP TABLE votes'

    View Slide

  8. Search Results For:

    View Slide

  9. Search Results For: [‘s’]; ?>

    View Slide

  10. Test

    View Slide

  11. Test

    View Slide

  12. alert(“hey”);

    View Slide

  13. Search Results For:

    View Slide

  14. Search Results For:

    View Slide

  15. How to Escape

    View Slide

  16. Sanitize early
    Escape Late
    Escape Often

    View Slide

  17. No Data is Safe

    View Slide

  18. <br/>

    View Slide

  19. Escape Everything..?

    View Slide

  20. echo $var;
    echo esc_html( $var );

    View Slide

  21. class=””
    class=””

    View Slide

  22. href=””
    href=””

    View Slide

  23. wp_kses & wp_kses_post

    View Slide

  24. echo apply_filters( ‘the_content’
    wp_kses_post( $content ) );

    View Slide

  25. tomjn.com/escaping

    View Slide

  26. WordPress.com VIP
    VIP Wrangler - @tarendai

    View Slide

  27. automattic.com/work-with-us/vip-wrangler/

    View Slide

  28. Questions?
    Tom J Nowell - WordPress.com VIP
    @tarendai - tomjn.com

    View Slide