[erlang-questions] Thoughts on EHE - the PHP killer
Matti Oinas
matti.oinas@REDACTED
Sat Feb 18 17:33:11 CET 2012
On 02/18/2012 05:13 PM, Joe Armstrong wrote:
> In theory having a watertight
> barrier between logic and presentation seems like
> a good idea - but is it?
Sometimes it is and sometimes it isn't. Most of the time at work I'm not
the one who writes the HTML. They just send these HTML templates to me
and I'll add the necessary PHP code to these templates. With total
separation of logic and presentation I could just replace the old HTML
template with a new one without any modifications. It probably wouldn't
work in every situation, but in those situations I could just revert back
to the old way of inserting PHP into HTML. If this separation worked
in even 80% of situations then I sure would benefit from that.
We need things like EHE for maximum flexibility, but an enlive-like
template engine would also help us a lot. I wouldn't mind mixing these
two in the same application: using an enlive-like engine when possible and
using EHE when the other engine doesn't provide enough flexibility. When
writing HTML myself, an enlive-like template doesn't offer much
compared to EHE. The only thing an enlive-style engine could offer as a benefit
compared to EHE is automatic escaping for the dynamic content. I know
how things need to be escaped so that they are safe to use, but I do forget
to do that escaping sometimes and will introduce XSS vulnerabilities into
the code. Even if a vulnerability couldn't be used for anything serious, it
could still damage the reputation of the service and the service could lose
its users.
Xmerl could be used to parse these templates if only XHTML were to be
supported. We could also easily validate these templates for correct
markup using XML validators.
Matti
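
Added example (not part of the original post, and not code from EHE or enlive): a sketch of the idea in the message above, where an XHTML template is parsed with xmerl and dynamic values are inserted as text nodes, so escaping happens on export instead of relying on the author to remember it. The module name tpl_demo, the functions render/2, fill/2, bound_value/2 and demo/0, the template and the sample values are all assumptions made for illustration.

```erlang
-module(tpl_demo).
-export([render/2, demo/0]).
-include_lib("xmerl/include/xmerl.hrl").

%% Hypothetical helper: parse an XHTML template and fill elements by id.
%% Bindings is a list of {IdString, ValueString} pairs.
render(Template, Bindings) ->
    %% xmerl_scan only accepts well-formed XML, so broken markup fails here.
    {Doc, _Rest} = xmerl_scan:string(Template),
    Filled = fill(Doc, Bindings),
    %% The xmerl_xml callback escapes <, > and & in every text node.
    lists:flatten(xmerl:export_simple_content([Filled], xmerl_xml)).

%% Replace the children of a bound element with a single text node;
%% otherwise keep the element and recurse into its children.
fill(#xmlElement{attributes = Attrs, content = Kids} = E, Bindings) ->
    case bound_value(Attrs, Bindings) of
        {ok, Value} ->
            E#xmlElement{content = [#xmlText{value = Value}]};
        none ->
            E#xmlElement{content = [fill(K, Bindings) || K <- Kids]}
    end;
fill(Other, _Bindings) ->
    Other.

%% Look up the element's id attribute in the bindings.
bound_value(Attrs, Bindings) ->
    case lists:keyfind(id, #xmlAttribute.name, Attrs) of
        #xmlAttribute{value = Id} ->
            case lists:keyfind(Id, 1, Bindings) of
                {Id, Value} -> {ok, Value};
                false -> none
            end;
        false ->
            none
    end.

%% Constructed sample: a designer-supplied template and one hostile value.
demo() ->
    Template = "<div><h1 id=\"title\">placeholder</h1>"
               "<p id=\"comment\">placeholder</p></div>",
    Untrusted = "<script>alert(1)</script>",
    render(Template, [{"title", "Guestbook"}, {"comment", Untrusted}]).
```

Text-node escaping is only correct for element content; values destined for URL attributes or for the inside of script and style elements need their own context-specific handling.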