/* A blog about frontend web development. */


Separation of Script and Markup

August 2nd, 2009

I hate a PHP file that is full of HTML. It looks messy, it’s hard to debug (especially if you didn’t write it), it creates problems, and makes your web app terribly inflexible.

A Lame Real World Example

WordPress has a vulnerability in a recent version. I have a blog running that version. Comments are susceptible to an XSS attack. Not cool.

No big deal though, just need to update a couple files. The important one is a file full of functions for comments.

One of those functions prints out a bunch of HTML for the comments! I’ve modified that and maybe some other stuff because that’s what I do. So I can’t just upload the latest file to my server and fix the security issue because that will overwrite some presentation changes I made.

Presentation shouldn’t be mixed up with business logic. Anyways, I ended up checking a diff of the WordPress files and just changing the lines myself.

Not cool. Keep your HTML somewhere else! I don’t like extra work.
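The split argued for above, as an added sketch that is neither WordPress code nor code from the original post: comment logic returns plain data, and a separate template escapes and prints it, so a security fix to the logic file can be dropped in without touching presentation changes. All file names, function names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// --- comment-functions.php (hypothetical): logic only, safe to overwrite with an update ---

/** Turn a raw stored comment into plain values for a template; emits no HTML. */
function prepare_comment(array $row): array
{
    $url = trim($row['author_url'] ?? '');
    // Keep only http(s) links so a javascript: URL never reaches an href.
    if (!preg_match('#^https?://#i', $url)) {
        $url = '';
    }
    return [
        'author' => trim($row['author'] ?? '') ?: 'Anonymous',
        'url'    => $url,
        'body'   => trim($row['body'] ?? ''),
    ];
}

/** Escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- comment-template.php (hypothetical): markup only, where site-specific changes live ---

function render_comment(array $c): string
{
    $author = $c['url'] !== ''
        ? '<a href="' . e($c['url']) . '" rel="nofollow">' . e($c['author']) . '</a>'
        : e($c['author']);
    return '<li class="comment"><cite>' . $author . '</cite><p>'
        . nl2br(e($c['body'])) . "</p></li>\n";
}

// --- constructed sample rows, the second one hostile ---
$rows = [
    ['author' => 'Ann', 'author_url' => 'https://example.com/', 'body' => "Nice post.\nThanks!"],
    ['author' => '<b>Bob</b>', 'author_url' => 'javascript:alert(1)', 'body' => '<script>alert(1)</script>'],
];

foreach ($rows as $row) {
    echo render_comment(prepare_comment($row));
}
```

The second row renders as inert text with no link, and editing the markup in `render_comment()` never requires touching the filtering in `prepare_comment()`.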