[erlang-questions] Thoughts on EHE - the PHP killer

Matti Oinas matti.oinas@REDACTED
Sat Feb 18 17:33:11 CET 2012


On 02/18/2012 05:13 PM, Joe Armstrong wrote:
> In theory having a watertight
> barrier between logic and presentation seems like
> a good idea - but is it?
Sometimes it is and sometimes it isn't. Most of the time at work I'm not
the one who writes the HTML. They just send these HTML templates to me
and I'll add the necessary PHP code to these templates. With total
separation of logic and presentation I could just replace the old HTML
template with a new one without any modifications. It probably wouldn't
work in every situation, but in those situations I could just revert
to the old way of inserting PHP into HTML. If this separation worked in
even 80% of situations, then I sure would benefit from that.

We need things like EHE for maximum flexibility, but an enlive-like
template engine would also help us a lot. I wouldn't mind mixing these
two in the same application: using an enlive-like engine when possible
and using EHE when the other engine doesn't provide enough flexibility.
When writing the HTML myself, an enlive-like template doesn't offer much
compared to EHE. The only thing an enlive-style engine could offer as a
benefit compared to EHE is automatic escaping for the dynamic content. I
know how things need to be escaped so that they are safe to use, but I do
forget to do that escaping sometimes and will introduce XSS
vulnerabilities into the code. Even if the vulnerability couldn't be used
for anything serious, it could still damage the reputation of the service,
and the service could lose its users.

Xmerl could be used to parse these templates if only XHTML were
supported. We could also easily validate these templates for correct
markup using XML validators.

Matti
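
An added example, not part of the original message: a sketch of the enlive-style approach the message describes, where xmerl parses an XHTML template, dynamic values are inserted as text nodes, and escaping happens on export instead of relying on the developer. The module name `tpl_fill`, the convention of binding values by `id` attribute, and the sample template and input are assumptions constructed for illustration.

```erlang
-module(tpl_fill).
-export([render/2, demo/0]).
-include_lib("xmerl/include/xmerl.hrl").

%% render(Template, Bindings) -> string()
%% Template: XHTML source as a string. Bindings: [{Id, Value}], both strings.
%% Each element whose id attribute matches a binding has its content replaced
%% by a single text node holding Value (hypothetical convention).
render(Template, Bindings) ->
    {Doc, _Rest} = xmerl_scan:string(Template),
    Filled = fill(Doc, Bindings),
    %% xmerl_xml escapes <, > and & in text nodes while exporting, so a value
    %% can never turn into markup, whatever the caller passed in.
    lists:flatten(xmerl:export([Filled], xmerl_xml)).

fill(#xmlElement{attributes = Attrs, content = Content} = E, Bindings) ->
    case binding_for(Attrs, Bindings) of
        {ok, Value} ->
            %% Inserted as data (#xmlText), never parsed as XHTML.
            E#xmlElement{content = [#xmlText{value = Value}]};
        none ->
            E#xmlElement{content = [fill(C, Bindings) || C <- Content]}
    end;
fill(Other, _Bindings) ->
    %% Text, comments and other node types are left untouched.
    Other.

binding_for(Attrs, Bindings) ->
    case lists:keyfind(id, #xmlAttribute.name, Attrs) of
        #xmlAttribute{value = Id} ->
            case lists:keyfind(Id, 1, Bindings) of
                {Id, Value} -> {ok, Value};
                false -> none
            end;
        false ->
            none
    end.

%% Constructed sample: a designer-supplied template and one hostile value.
demo() ->
    Template = "<div><h1 id=\"title\">placeholder</h1>"
               "<p id=\"comment\">placeholder</p></div>",
    Bindings = [{"title", "Guestbook"},
                {"comment", "<script>alert(1)</script> & more"}],
    render(Template, Bindings).
```

This covers element text only; values placed into attributes, URLs, or script and style blocks need context-specific handling that this sketch does not provide.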