diff --git a/tests/phpunit/WP-Async-TaskTest.php b/tests/phpunit/WP-Async-TaskTest.php
index 0101668..63db5f8 100644
--- a/tests/phpunit/WP-Async-TaskTest.php
+++ b/tests/phpunit/WP-Async-TaskTest.php
@@ -226,7 +226,8 @@ public function test_handle_postback_invalid_nonce() { die(); } ); WP_Mock::wpFunction( 'wp_die', array( 'times' => 1 ) );
-
+ WP_Mock::wpPassthruFunction( 'sanitize_text_field' );
+ WP_Mock::wpPassthruFunction( 'wp_unslash' );
 /** @var Async $async */ $async->handle_postback();
diff --git a/wp-async-task.php b/wp-async-task.php
index 70fc0c4..690e5de 100644
--- a/wp-async-task.php
+++ b/wp-async-task.php
@@ -128,8 +128,8 @@ public function launch() { public function launch_on_shutdown() { if ( ! empty( $this->_body_data ) ) { $cookies = array();
- foreach ( $_COOKIE as $name => $value ) {
- $cookies[] = "$name=" . urlencode( is_array( $value ) ? serialize( $value ) : $value );
+ foreach ( $_COOKIE as $name => $value ) { // input var ok
+ $cookies[] = "$name=" . rawurlencode( is_array( $value ) ? serialize( $value ) : $value );
 } $request_args = array(
@@ -155,16 +155,20 @@ public function launch_on_shutdown() { * @uses is_user_logged_in() * @uses add_filter() * @uses wp_die()
+ * @uses sanitize_text_field()
+ * @uses wp_unslash()
 */ public function handle_postback() {
- if ( isset( $_POST['_nonce'] ) && $this->verify_async_nonce( $_POST['_nonce'] ) ) {
+ if ( isset( $_POST['_nonce'] ) && $this->verify_async_nonce( $_POST['_nonce'] ) ) { // input var ok
 if ( ! is_user_logged_in() ) { $this->action = "nopriv_$this->action"; } $this->run_action(); }
- add_filter( 'wp_die_handler', function() { die(); } );
+ add_filter( 'wp_die_handler', function() {
+ die();
+ });
 wp_die(); }
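Review bot: The added passthru mocks for `sanitize_text_field` and `wp_unslash` in test_handle_postback_invalid_nonce() cover functions that the handle_postback() hunk in wp-async-task.php never calls — its rewritten `if` line still hands `$_POST['_nonce']` to verify_async_nonce() raw, adding only an `// input var ok` suppression while the docblock gains `@uses sanitize_text_field()` and `@uses wp_unslash()`. Either the mocks and the two `@uses` tags describe code that does not exist, or the sanitization step was left out of the production change. The line that would make test, docblock and code agree is `if ( isset( $_POST['_nonce'] ) && $this->verify_async_nonce( sanitize_text_field( wp_unslash( $_POST['_nonce'] ) ) ) ) { // input var ok`; if the raw read is deliberate, drop the two mocks and the two `@uses` tags instead. This note covers the handle_postback() hunk as well.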
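Review bot: The rewritten `$cookies[]` line still collapses an array-valued cookie into `serialize( $value )` under the bare `$name`, so a cookie that arrived as `name[key]=…` reaches the forwarded request as a single serialized string rather than as the array the originating request saw; switching to `rawurlencode()` does not change that. If the flattening is intended, the line deserves a comment such as `// Array cookies are forwarded as one serialized string; the receiving request sees a string under $name, not an array.`; if not, emit one `name[key]=value` pair per element instead. `$name` is also interpolated unencoded while `$value` is now RFC 3986-encoded, and a sentence on why that asymmetry is acceptable would help the next reader. launch_on_shutdown() continues past the end of the hunk.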
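Review bot: The reformatted `wp_die_handler` callback is the filter itself, so its `die()` executes inside `apply_filters()` and `wp_die()` never dispatches to a handler; WordPress core expects that filter to return a callable. `add_filter( 'wp_die_handler', function() { return function() { die(); }; } );` keeps the same outcome while honouring the contract, and reads as intended behaviour rather than a side effect of filter evaluation. handle_postback() is shown in full in this hunk.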
@@ -201,12 +205,12 @@ protected function verify_async_nonce( $nonce ) { $i = wp_nonce_tick(); // Nonce generated 0-12 hours ago
- if ( substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) {
+ if ( substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ) === $nonce ) {
 return 1; } // Nonce generated 12-24 hours ago
- if ( substr( wp_hash( ( $i - 1 ) . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) {
+ if ( substr( wp_hash( ( $i - 1 ) . $action . get_class( $this ), 'nonce' ), - 12, 10 ) === $nonce ) {
 return 2; }
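Review bot: Both rewritten `if` lines now compare with `===`, which fixes the loose comparison but still uses an early-exit string compare for a secret-derived value; WordPress core's wp_verify_nonce() uses `hash_equals()` for exactly this check. Change each to `if ( hash_equals( substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ), $nonce ) ) {` (and likewise for the `$i - 1` line), and guard the function's entry with an `is_string( $nonce )` check that returns the function's existing failure value, because `hash_equals()` raises on a non-string argument where `===` simply evaluated false, for instance when `_nonce` is posted as an array. verify_async_nonce() starts and ends outside this hunk, so its failure return is not visible here.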