Facebook Adds XHP to the PHP Improvements Mix

On the heel’s of Facebook’s announcement of HipHop for PHP — their “source code transformer” of the PHP scripting language which many Facebook applications are built upon — comes XHP, an extension to inline XML. The full impact of using XHP is still to be determined, Facebook’s Marcel Laverdet says that this makes “front-end code easier to understand” and helps “avoid cross-site scripting attacks.”

Wading through a selection of Twitter tweets and a few blog posts on XHP, I was able to glean the following overall reasons to both use and not use XHP:

Reasons to use XHP

  1. Tightens security by avoiding cross-site scripting.
  2. Easier to read PHP code that generates HTML. According to Laverdet, “XHP gives PHP the ability to understand XML as if it were native to PHP.” This gives you syntactic sugar and makes code more readable. Your eyes won’t have to go buggy anymore following interwoven “< ? php” and HTML tags. However, code readability is something that Rasmus Lerdorf (creator of PHP) suggests doesn’t concern him much. (You can decide for yourself by looking at the examples at PHP.net’s “Escaping from HTML” manual page. If you are comfortable reading that, in large blocks of code, you may not care about XHP’s readability.)
  3. Markup errors will be detected at parse time.
  4. XHP nodes can be saved as PHP references.
  5. You can define your own elements, making XHP a templating engine. (E.g., you don’t have to use other templating engines, such as Smarty .) See the Githbub wiki for XHP, which states that “… XHP structures can be arbitrarily complex”. Browse the sample code in the “Complex Structures” section, and you’ll see just how complex you can get. (This is exciting from a code manipulation standpoint.)
  6. Useful for Facebook PHP apps. If you’re building PHP apps for Facebook — with APC (Alternative PHP Cache) enabled –, it’s better, but Lerdorf says that “running XHP on plain PHP is definitely out of the question.”

Reasons not to use XHP

Of course, there are some reasons that you may not want to use XHP:

  1. Adds an extra processing step, since code using XHP is now a superset of PHP and has to be parsed to regular PHP. To use APC, you will likely have to grab the extension code and compile it, since it probably will not be installed by default in most PHP distributions.
  2. Not good for straight PHP apps. According to Rasmus Lerdorf (creator of PHP), who did some tests, performance goes down without APC enabled. (But according to Laverdet, XHP has helped Facebook build faster websites. (Read Marcel Laverdet’s comment in Lerdorf’s post.)
  3. Most current versions of PHP IDEs (Integrated Development Environments) will likely give you errors on XHP code. (Commenter Stan Vassilev expands on this thought on Lerdorf’s page.)

Depending on your coding objectives, XHP may or may not benefit you. Have any reasons of your own, for or against using XHP? Do you plan to use XHP? Feel free to weigh in.

Note: Facebook Lite “was written enitrely in XHP”. If you want to try your own projects with XHP, check out its Github and wiki to learn more. Don’t forget the APC flex tarball (.GZ file).