Escape From New York

Transcript

1. Escape From New York Tom J Nowell

2. Validation Sanitisation Escaping

3. Validation: Is this what it claims to be?

4. Sanitisation: Lets clean up this input

5. Escaping: Making output safe

6. WordPress.com VIP VIP Wrangler - @tarendai

7. '; DROP TABLE votes'

8. Search Results For: <?php echo $_GET[‘s’]; ?>

9. Search Results For: <?php echo $_GET [‘s’]; ?>

10. <b>Test</b>

11. <b>Test</b>

12. <script>alert(“hey”);</script>

13. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

14. Search Results For: <?php echo esc_html( $_GET[‘s’] ); ?>

15. How to Escape

16. Sanitize early Escape Late Escape Often

17. No Data is Safe

18. <script src='//peniscorp.com/topkek.js'> </script>

19. Escape Everything..?

20. echo $var; echo esc_html( $var );

21. class=”<?php echo $css; ?>” class=”<?php echo esc_attr( $css ); ?>”

22. href=”<?php echo $url; ?>” href=”<?php echo esc_url( $url ); ?>”

23. wp_kses & wp_kses_post

24. echo apply_filters( ‘the_content’ wp_kses_post( $content ) );

25. tomjn.com/escaping

26. WordPress.com VIP VIP Wrangler - @tarendai

27. automattic.com/work-with-us/vip-wrangler/

28. Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com