XHP: Inline XML For PHP
Anyone developing with PHP quickly learns that PHP’s ability to generate HTML is both a blessing and a curse. While PHP supports the ability to generate dynamic websites and HTML, it often creates kludgy and difficult code. Facebook, one of the world’s largest consumers of PHP and fresh off their announcement of HipHop, has noted this problem as well, and decided to try and solve it by introducing XHP.
XHP, in a nutshell, is designed to augment the syntax of PHP to allow for inline XML to be included in PHP code. More simply put, XHP permits PHP to understand HTML syntax, eliminating the need for quotation marks, concatenation, escaping and all of the other headaches associated with including HTML directly into PHP code.
XHP also does one other amazing thing: it automatically makes your HTML safe. Rather than having to use the escape functions on your HTML to ensure that PHP variables are safe for output, XHP automatically does this, ensuring that anything you output will not result in an XSS or other malicious attack. This builds in security by default, and helps prevent accidental security holes.
Another feature of XHP is that it automatically detects mistakes in your markup at parse time, and reports them along with PHP markup mistakes. This means that it’s impossible to generate malformed pages using XHP, because it would generate a parser error rather than allow such a page to be displayed. XHP actually reads the HTML syntax, ensuring that your HTML is well-formed and correct.
Rasmus Lerdorf does a writeup of the performance implications related to XHP, pointing out that PHP does take a significant performance hit with it turned on. He also points out that PHP’s use of APC, along with HipHop probably mitigates this performance impact, but reminds people that they should consider the impact on their own applications before installing and using the extension themselves. That being said, it’s unlikely that XHP will remain the same forever; performance improvements are likely to continue, especially if other developers like and improve upon the existing extension.