Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Escape From New York
Search
Tom J Nowell
November 01, 2015
Technology
0
710
Escape From New York
A talk on escaping and security in WordPress and PHP
Tom J Nowell
November 01, 2015
Tweet
Share
More Decks by Tom J Nowell
See All by Tom J Nowell
Using Blocks Outside The Editor
tarendai
0
960
Composer_and_WordPress__1_.pdf
tarendai
0
77
REST APIs for Absolute Beginners
tarendai
0
970
VVV 2
tarendai
0
760
WordCamp Europe 2016 - Handling Anxiety
tarendai
1
470
WP The Right Way
tarendai
0
1k
Code Deodorant 2014
tarendai
1
720
Adv WP CLI
tarendai
0
690
WP CLI
tarendai
0
650
Other Decks in Technology
See All in Technology
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
760
エンジニアリングマネージャーの成長の道筋とキャリア / Developers Summit 2025 KANSAI
daiksy
1
200
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
applism118
22
12k
Platform開発が先行する Platform Engineeringの違和感
kintotechdev
4
580
AWSで始める実践Dagster入門
kitagawaz
1
630
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
lauchacarro
0
210
💡Ruby 川辺で灯すPicoRubyからの光
bash0c7
0
120
Practical Agentic AI in Software Engineering
uzyn
0
110
AIエージェントで90秒の広告動画を制作!台本・音声・映像・編集をつなぐAWS最新アーキテクチャの実践
nasuvitz
0
210
DDD集約とサービスコンテキスト境界との関係性
pandayumi
3
290
2025年になってもまだMySQLが好き
yoku0825
8
4.8k
「どこから読む?」コードとカルチャーに最速で馴染むための実践ガイド
zozotech
PRO
0
510
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1032
460k
Gamification - CAS2011
davidbonilla
81
5.4k
Music & Morning Musume
bryan
46
6.8k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
A better future with KSS
kneath
239
17k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Navigating Team Friction
lara
189
15k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Writing Fast Ruby
sferik
628
62k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
The Power of CSS Pseudo Elements
geoffreycrofte
77
6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Lets clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET[‘s’]; ?>
Search Results For: <?php echo $_GET [‘s’]; ?>
<b>Test</b>
<b>Test</b>
<script>alert(“hey”);</script>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>
How to Escape
Sanitize early Escape Late Escape Often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”
href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”
wp_kses & wp_kses_post
echo apply_filters( ‘the_content’ wp_kses_post( $content ) );
tomjn.com/escaping
WordPress.com VIP VIP Wrangler - @tarendai
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com