XHP is a PHP extension launched by Facebook to make PHP more safe, easy in front end coding and avoid cross site scripting.
PHP is now used for outputting HTML and this is sometimes very complex (specially when you have to output XML codes ). Now, with the help of XHP PHP understands which content it is outputting.
To understand this consider the following PHP codes-
This is a traditional way of generating HTML output by PHP <?php
if ($_POST['name']) {
?>
<span>Hello, <?=$_POST['name']?>.</span>
<?php
} else {
?>
<form method="post">
What is your name?<br>
<input type="text" name="name">
<input type="submit">
</form>
<?php
}Obviously this code has given a security flaws. After posting a form you need to pass it from htmlspecialchars() , to avoid cross site scripting. Also, its not a good way for writing the application.
And now if we write the same application in XHP
<?php
// note: includes omitted
if ($_POST['name']) {
echo <span>Hello, {$_POST['name']}</span>;
} else {
echo
<form method="post">
What is your name?<br />
<input type="text" name="name" />
<input type="submit" />
</form>;
}In this example you can see is PHP now understands the XML it is outputting, filtering can be done in a context-sensitive manner.
For more information please refer -
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.