Escape From New York
Tom J Nowell
November 01, 2015
A talk on escaping and security in WordPress and PHP
Transcript
Escape From New York Tom J Nowell
Validation Sanitisation Escaping
Validation: Is this what it claims to be?
Sanitisation: Let's clean up this input
Escaping: Making output safe
WordPress.com VIP VIP Wrangler - @tarendai
'; DROP TABLE votes'
Search Results For: <?php echo $_GET['s']; ?>
<b>Test</b>
<script>alert("hey");</script>
Search Results For: <?php echo esc_html( $_GET['s'] ); ?>
How to Escape
Sanitize early, escape late, escape often
No Data is Safe
<script src='//peniscorp.com/topkek.js'> </script>
Escape Everything..?
echo $var; echo esc_html( $var );
class="<?php echo $css; ?>" class="<?php echo esc_attr( $css ); ?>"
href="<?php echo $url; ?>" href="<?php echo esc_url( $url ); ?>"
wp_kses & wp_kses_post
echo apply_filters( 'the_content', wp_kses_post( $content ) );
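As an added example (not code from the talk), the three output contexts from the slides above, HTML text, attribute value and href, rendered once unescaped and once with a context-specific escaper, for the same constructed input. The esc_html_demo, esc_attr_demo and esc_url_demo functions are simplified stand-ins written for this example that follow the contract of WordPress's esc_html(), esc_attr() and esc_url() so the script runs without WordPress loaded; they are not the WordPress implementations, and the inputs are constructed to stand in for $_GET values.

```php
<?php
// Added example for this deck, not code from the talk. The esc_*_demo
// functions are simplified stand-ins that follow the contract of WordPress's
// esc_html(), esc_attr() and esc_url(); they are not WordPress's code.
declare(strict_types=1);

// HTML text context: encode the characters that would start markup.
function esc_html_demo(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute context: same encoding, and the template must also quote the
// attribute; an unquoted attribute ends at the first space regardless of escaping.
function esc_attr_demo(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// href/src context: encoding alone is not enough, because "javascript:alert(1)"
// contains no HTML special characters. Reject schemes outside an allowlist,
// then encode for the attribute the URL is placed in.
function esc_url_demo(string $url): string
{
    $url = trim($url);
    if ($url === '') {
        return '';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return ''; // unparseable, drop it
    }
    if (is_string($scheme) && !in_array(strtolower($scheme), ['http', 'https', 'mailto'], true)) {
        return '';
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The search-results slide, rendered without any escaping.
function render_unescaped(string $s, string $css, string $url): string
{
    return '<div class="' . $css . '">Search Results For: ' . $s
         . ' <a href="' . $url . '">more</a></div>';
}

// The same template, escaping at the point of output ("escape late") with the
// escaper that matches each context.
function render_escaped(string $s, string $css, string $url): string
{
    return '<div class="' . esc_attr_demo($css) . '">Search Results For: ' . esc_html_demo($s)
         . ' <a href="' . esc_url_demo($url) . '">more</a></div>';
}

// Constructed inputs standing in for $_GET values, one per context.
$inputs = [
    's'   => '<script>alert("hey");</script>',   // the slide's own example
    'css' => 'results" onmouseover="alert(1)',   // breaks out of a quoted attribute
    'url' => 'javascript:alert(1)',              // no special chars, scheme is the problem
];

echo "Unescaped:\n", render_unescaped($inputs['s'], $inputs['css'], $inputs['url']), "\n\n";
echo "Escaped:\n",   render_escaped($inputs['s'], $inputs['css'], $inputs['url']), "\n";
```

Run it with `php escape_demo.php` (file name is arbitrary). In the escaped output the script tag survives only as entity-encoded text, the double quote in the class value is encoded so the attribute cannot be closed early, and the javascript: href is replaced by an empty string. Note that esc_html and esc_attr do the same encoding here, as they do in WordPress for most input; the reason to call the context-named one is that the escaper has to match the place in the template where the value lands, and URL context is the case where plain encoding is not sufficient. Allowing a limited set of markup through, as wp_kses_post does, is a separate sanitisation step that this example does not implement.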
tomjn.com/escaping
automattic.com/work-with-us/vip-wrangler/
Questions? Tom J Nowell - WordPress.com VIP @tarendai - tomjn.com