The Importance of Escaping All The Things

WordPress.com VIP: Enterprise content management platform

Nick Daugherty is WordPress.com VIP Lead Engineer. Here he shares some important information about escaping in code and how that can increase security in WordPress sites anywhere in the world. 

If there’s one issue we flag more often than all others in code reviews…it’s escaping.

For starters, we should all agree that escaping (fundamentally, sanitizing input and escaping output) is a critical aspect of web application security. What may be less universally agreed upon is where to escape. On that point, we require “late escaping” – escaping as close as possible to the point of output – and further, we now require it everywhere, always.

You may now be thinking:

“Do I really need to “late escape” everything? Always? Even core WordPress functions?”

We hear you. And, here’s why this is important to us:

In addition to some automated scanning, we manually review every line of code our VIP customers commit to the VIP platform. And…
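An added example of the distinction the post draws (this is illustrative code, not from the VIP post or from WordPress core); it assumes it runs inside a loaded WordPress install so that esc_html(), esc_attr(), esc_url(), get_the_title() and get_option() exist, and the vip_example_* function names and the vip_example_link option key are hypothetical.

```php
<?php
// Added example, not code from the original post. Assumes WordPress is loaded
// so that esc_html(), esc_attr(), esc_url(), get_the_title() and get_option()
// are available. Function names and the option key are hypothetical.

/**
 * Early escaping: the link was sanitized when it was saved, so the template
 * author trusts it and prints it raw, and get_the_title() is assumed safe
 * because it is a core function. Neither assumption is visible at this line:
 * another code path (an import, a migration, another plugin) may have written
 * the option, and get_the_title() does not HTML-encode its return value.
 */
function vip_example_render_early( $post_id ) {
	$title = get_the_title( $post_id );        // core function, not escaped for HTML
	$link  = get_option( 'vip_example_link' ); // "sanitized on save", supposedly
	return '<a class="card" href="' . $link . '">' . $title . '</a>';
}

/**
 * Late escaping: every dynamic value is escaped with the helper that matches
 * the context it lands in, on the line where it is output. Where the value
 * came from (user input, the database, a core function) no longer matters,
 * and a reviewer can verify safety by reading this function alone.
 */
function vip_example_render_late( $post_id ) {
	$title = get_the_title( $post_id );
	$link  = get_option( 'vip_example_link' );
	return sprintf(
		'<a class="card" href="%s">%s</a>',
		esc_url( $link ),   // URL context: disallows unsafe schemes, encodes the rest
		esc_html( $title )  // HTML text context: encodes < > & and quotes
	);
}

/**
 * Attribute context uses esc_attr(): a stray double quote in $label would
 * otherwise terminate the value attribute and let the rest of the string be
 * parsed as further attributes.
 */
function vip_example_render_attr( $label ) {
	return '<input type="text" value="' . esc_attr( $label ) . '">';
}
```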


About Aaron Holbrook

Aaron started crafting websites at the age of 14, when he built a fan site for his favorite video game: Age of Empires. This passion led to a degree in Computer Science and Mathematics and, befitting the game, a minor in Economics. Aaron cultivated a passion for HTML, CSS and PHP and built his own Content Management System months before discovering WordPress in 2004. After managing a hospital website for 5 years, Aaron’s passion for engineering online publishing solutions drove him to focus on WordPress full time. Before he knew it, Aaron found himself speaking at 5 WordCamps and leading the organization of WordCamp Chicago 2013. He even managed to make core contributions to WordPress 3.5 and 3.6 and release a few plug-ins on the official repository. When Aaron isn’t rocking WordPress, he’s playing video games (he’ll even cop to watching “professional StarCraft matches”), working out, hanging out with his 2 kids, and on at least one occasion, jumping out of airplanes.