1. How Xslate works The next generation's template engine YAPC::Asia Tokyo 2010, Day 2, 2010/10/16 10:10-10:50 Fuji, Goro (gfx)[email_address] http://github.com/gfx /

2. Who am I?

Fuji, Goro ( )

id:gfx (hatena)

3. @__gfx__ (twitter) I love...

Perl Internals

4. Perl/XS 5. Moose/Mouse (as Any::Moose) 6. Agenda

What is Xslate

7. How Xslate works

Execution process

8. Why so fast Futures (TODOs) 9. Information 10. What is Xslate?

A template engine for Perl5

11. Written in XS

But also available in pure Perl (thanks to @maka2_donzoko)

Fast, safe, easy to enhance 12. Multi-syntaxes (esp. TT-like syntax) 13. Kind error messages 14. What are template engines?

Text processor vital for web applicatins

15. my $var = sprintf 'Hello, %s world', $foo; # Text::ClearSilver (requested by id:craftworks)

however, ClearSilver is not perfect 35. Thus, use Text::Xslate!

There is no the best, but is a better, Xslate

36. Xslate is at least the fastest, the most safe in the template engines on CPAN 37. Tutorial

Basic usage: Text::Xslate->new()->render()

38. new() accepts:syntax(template syntax) ,module(function-based modules),function(additional functions),path(include path),cache(caching level),cache_dir(used for caches) 39. render() returns a rendered text; cannot output to filehandles directly, nor set calbacks (unlike TT) 40. See alsoText::XslateandText::Xslate::Manual 41. Simplest example #!perl -w use 5.10.0; use strict; use Text::Xslate; my $tx= Text::Xslate-> new (); my %vars = ( lang => 'Xslate', ); # or $tx-> render ($file, vars); say $tx-> render_string ( $item {

= : }

: include 'foo.tx' { bar => 'overrided' } :# See also ` perldoc Text::Xslate::Syntax::Kolon ` 43. Demo

cpanm Text::Xslate

requires Any::Moose (Mouse), Data::MessagePack, etc.

xslate -e 'Hello, ' Xslate 44. xslate -s TTerse -e '[% ARGV.0 %]' 'Hi, TTerse' 45. See also example files inText-Xslate/example/ 46. Details

Performance

47. Safe (XSS tolerance and ristriction) 48. Multi-syntaxes

Kolon

49. TTerse 50. Clevery Enhancement 51. Template cascading 52. Performance (1) RunText-Xslate/benchmark/x-rich-env.pl! 53. Performance (2)

Sam Graham's report Template roundup

http://www.illusori.co.uk/projects/Template-Roundup/

54. based on benchmarks with Template::Benchmark Accoding to this report, Xslate is fastest on the 'instance_reuse' condition 55. i.e.Persistent PSGI applicationswill take the best performance 56. Safe (1)

Risks caused by Template Engines

XSS: Cross Site Scripting

57. a type of computer security vulnerability typically found inweb applicationsthat enables malicious attackers toinject client-side script into web pagesviewed by other users.(by Wikipedia) 58. Safe (2)

Typically caused by missing HTML escaping

e.g. [% foo | html %] (TT2)

Problem: TT2 requiresexplicitescaping

Explicity sucks!

59. Safe (3)

Solution: Template engines must apply HTML-escapingautomatically

60. ->Text::MicroTemplate, Text::Xslate 61. This is XSS tolerance 62. Modern template engines (not only in Perl) should have XSS tolerance, and in fact do so. 63. How to write safe templates

Don't use the 'raw' filter in templates

Don't do that:

64. Escape $foo in perl code, because whether $foo is escaped or not is obscure from templates 65. The 'raw' filter is provided only for string literals 66. Multi-syntaxes

There are multiple template syntaxes

Kolon the default, fully-featured

67. TTerse TT2 compatible 68. Clevery Smarty (in PHP) compatible 69. Kolon

The default template syntax

70. All the features are supported 71. Most optimized 72. TTerse

TT2 compatible (urged by tokuhirom++)

73. Available by default 74. More ristricted than the original TT2 75. No plugins, exceptions, nor mysterious features 76. As good as Kolon to run-time performance 77. Highly compatible, but diffrent to the basics of escaping mechanism 78. Clevery

Smarty compatible template syntax

79. Need to install Text::Clevery 80. With some overhead Clevery Clevery 81. Enhancement

Add TT2-like methods to Xslate

Text::Xslate::Bridge::TT2Like

Function-based modules

Available via the "module" option

82. No plugin namespaces are required 83. Template cascading

Inspired bytemplate inheritanceof T::MicroTemplate::Extended (typester++)

Originated from Django, a framework for Python

More powerful than the 'include' command 84. Only available inKolon 85. See alsoText-Xslate/example/{cascade.pl,cascade,tx,base.tx} 86. How Xslate works

Execution process

Preprocessing

87. Parsing 88. Compiling

Saveing/loading bytecode

Executing Why so fast 89. Execution Process print $foo; fetch_s "foo" print end print $foo Virtual Machine { foo => 'bar' } bar" 90. Preprocessing

" Hello, world! " is difficult to parse :(

91. So convert to that first: 92. " print_raw 'Hello, '; print $lang; print_raw ' world!' " 93. See&T::X::Parser::preprocess 94. Parsing

Parse" print_raw 'Hello, '; print $lang; print_raw ' world!' " and build syntax tree

95. Using Top Down Operator Precendence method 96. Explained in Beautiful Code (O'REILLY) 97. " It is easy to use. It feels a lot like Recursive Descent, but with the need for less code and with significantly better performance. ", Douglas Crockford introduced there. 98. See alsohttp://javascript.crockford.com/tdop/ 99. Top Down Operator Precedence

A top down parsering method

100. Templates -> Tokens (string) -> Symbols (T::X::Symbol) -> Nodes (T::X::Symbol) 101. Symbols (e.g. '+' for infix:) know what they do 102. One easily can extend parsers by adding symbols 103. The parser entry point is&T::X::Parser::statements 104. The heart of TDOP

A symbol might have denotations:

std : statement denotation (for statements)

105. nud : null denotation (for objects and prefixes) 106. led : left denotation (for infixes and postfixes) A "denotation" is a method called by statements() 107. Statement Denotation

e.g. 'if', 'for', 'include'

sub std_while { my($parser, $symbol) = @_; # $symbol represents 'while' my $proc = $symbol->clone( arity => 'while' # node type ); $proc->first( # set first child $parser->expression(0) ); $parser->pointy($proc); # parse return $proc; } 108. Null Denotation

e.g. variables, literals, parens

# '(' expr ')' sub nud_paren { my($parser, $symbol) = @_; # $symbol is '(' my $expr = $parser->expression(0); # $symbol->conterpart is ')' $parser->advance( $symbol->counterpart ); return $expr; } 109. Left Denotation

e.g. 'if', 'for', 'include'

sub led_infix { my($parser, $symbol, $left) = @_; return $parser->binary( $symbol, $left, $parser->expression( $symbol->lbp) ); } 110. Compiling

Convert theabstract syntax treeintobytecode

111. Bytecodeis a serialized sequence ofopcodes

# Hello, world!

112. print_raw_s "Hello, " 113. fetch_s "lang" 114. print 115. print_raw_s " world!" 116. end Also perform optimization 117. Saveing/Loading Bytecode

Precompiling is vital for template engines

e.g. ClearSilver compiles templates, but it cannot save compiled ones (maybe because it targets CGI)

UsingData::MessagePackfor serialization

MessagePack: spec for binary data serialization

118. Like JSON, but fast and small 119. See alsohttp://msgpack.org/ 120. Assembling

Convert thenameof opcode to theaddressof it

121. Using the direct threaded code paradigm 122. Executing

Execute by the virtual machine

123. An opcode (e.g. 'fetch_s') is a block of code with an argument (a sv, int, or address of opcode) 124. e.g. ($a is a register, $out is the reuslt)

fetch_s "foo" # $a = $vars->{foo}

125. print# $out .= $a 126. Execution Process print $foo; fetch_s "foo" print end print $foo Virtual Machine { foo => 'bar' } bar" 127. Why so fast

Precompiling & optimizing

128. Virtual Machine paradigm

Direct threaded code (but gcc only)

HTML escaping 129. Preallocation of the output buffer 130. Optimizing bytecode

Constant folding

(->compile->) literal_i 3

131. (->compile->) noop Injection of cascading templates

Cascading templates are statically concatinated

132. Thus, you cannot pass variables to 'cascade' $ ack -i 'optimize' lib/Text/Xslate/Compiler.pm 133. Virtual Machine

Virtual machine is fast!

134. Register machine (two registers + one stack) 135. Direct Threaded Code

Using direct pointers of labels, not pointers of functions nor indexes of function table

136. HTML Escaping

Important for all the template engines

137. Using highly optimized routines (kazuho++)

As fast as memcpy(3)

138. tx_sv_cat_with_html_escape_force() atText-Xslate/xs/Text-Xslate.xs Experimental hacks for Text::MicroTemplate:

Rewriteing HTML escaping routines makes TMT faster than HTML::Template::Pro

139. Preallocation

Assumption: a template produces a string, and the size of the string is always the same

140. Then 141. First: Save the size of a template 142. Later: Preallocate the buffer with the saved size 143. Futures

Loop controls

144. Context controls 145. Augoment block modifiers 146. More template syntaxes 147. Xslate in WAF 148. Loop controls

last, next (redo?)

149. 10 :> in Kolon 150. [% LAST IF a > 10 %] in TTerse 151. Context controls

Xslate calls functions/methods in scalar context, but there are other cases...

152. postfix:?

foo() list ] :>

postfix:?

foo() @list ] :>

Any ideas? 153. Augment Block Modifiers

Xslate already supports 'around', 'before', 'after'

154. 'augment' like block modifiers are requested 155. More templat syntaxes

HTML::Template (if someone wants)

156. Django (in Python) 157. Jinja (in Python) 158. Any ideas? 159. Xslate in WAF

There are some bridges

Catalyst::View::Xslate for Catalyst

160. MojoX::Renderer::Xslate for Mojo 161. Dancer::Template::Xslate for Dancer 162. Amon uses Xslate via Tiffany More examples are required!

Help me, hackers!

163. Information

http://xslate.org

164. Web+DB Press Vol.59 165. Vote me! Mac Book Pro(>_