[whatwg] HTML 5 and PHP
webmaster at keryx.se
Thu Feb 15 14:20:29 PST 2007
I have a few questions on how HTML 5 might not play nice with PHP.
Considering that maybe 90 % of all content on the web is dynamic and
that PHP have perhaps 50% of that, this one is a biggy.
1. PHP has a useful nl2br-function that takes a string and inserts a
<br> tag before every newline. http://se.php.net/nl2br
If HTML 5 in its HTML serialization actually forbids the self closing
slash in the <br> element it will be impossible to use this function for
anything but the XML serialization. Has the PHP community been informed
on this? Have they replied in any way?
2. Speaking of XML, as of PHP 5 there is a plethora of XML tools
available for manipulation of content: A really good DOM implementation
(with many convenience shortcuts i miss when scripting JS), Simple
XML, XSLT, XML Reader, SAX, XML Writer, etc. Server side it makes very
much sense to use the XML serialization and not the HTML one.
As the spec stands today, I think the discouragement from using "XML on
the web" is way to strongly worded. Client support may be faltering, but
on the server side XML technologies are very mature and very useful.
Personally, if I get user data, i filter it first through Tidy, then
through the strip_tags function, then through XSLT and finally through
some custom functions. This way I am ensured of standards compliant
valid markup and has a solution that is 99.9 % resistant to XSS attacks.
Treating everything as (or with Tidy converting it to) XHTML helps a lot.
I would suggest rephrasing:
Generally speaking, authors are discouraged from trying to use XML on
the Web, because XML has much stricter syntax rules than the "HTML5"
variant described above, and is relatively newer and therefore less mature.
To something like:
Authors must be aware that XML has much stricter syntax rules than the
"HTML5" variant described above and that true XML parser will choke on
even the slightest error.
More information about the whatwg