RealTime IT News

Facebook secures open source PHP with XHP

From the 'HipHop?' files:

Facebook is one of the biggest PHP users on the planet and they seem to thinkFacebook XHP they can do more on their own, then the php community can do. In 2010, Facebook developers built HipHop as a newer/faster PHP runtime.

Now Facebook is going after security with the new XHP extension. The basic idea behind XHP is to make front-end code easier to understand and to help mitigate against Cross Site Scripting (XSS) attacks. In XHP, XML can be used inside of PHP.

"Baking XML into the PHP syntax yields some other advantages which may not be obvious at first. Probably the coolest is that errors in your markup will now be detected on the server at parse time. That is, it is impossible to generate malformed webpages while using XHP," Facebook engineer Marcel Laverdet wrote.

Umm.. yeah that sounds awesome to me.

Though to be fair, it's important to remember that XML and PHP aren't totally isolated from each other. The whole purpose of the first PHP 5.0 release back in 2004 baked in XML support -- it's just that XHP is going that extra step further that the php.net community never did.

XHP is available up on Github now -  in my limited use it doesn't seem to break existing PHP apps, so this is likely just a net positive gain for PHP devs.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

Comment and Contribute