Menu
Menu
OWL: A 'better' PHP for single-server apps

OWL: A 'better' PHP for single-server apps

OWL Web Language features a JavaScript-like syntax and compiles to PHP, promising more security and safety

PHP has been a staple of server-side web development for years. Now, a developer from Netflix is building a variation on the language that offers “the good parts” while purporting to be easier to use and more secure.

Called OWL, for OWL Web Language, the language features a JavaScript-like syntax and compiles to PHP. In a beta stage of development, OWL is best suited for single-server applications and is not intended to displace PHP. “It’s more of a new, secure interface on top of the same engine underneath,” developer Joe Lesko said. “But I could see more developers choosing OWL over raw PHP over time, especially for single-developer projects.” Ideas in OWL might even become incorporated into PHP, he said. Lesko has published instructions on getting started with OWL.

PHP, OWL documentation states, has strengths such as being friendly to novice programmers, lacking build steps, and having a large library of built-in commands. But it also has shortcomings including a “disorganized” standard library, security vulnerabilities, and an inconsistent approach to error-handling. In addition to a familiar, JavaScript-like syntax, OWL promises security, safety, and consistency. The language might even be controversial, Lesko notes, considering it offers no tabs and just spaces, only single-quoted strings, and no switch or while statements. 

OWL features a web framework that includes a router as well as a template system for embedding HTML and other content within scripts. To prevent cross-site scripting (XSS), the template function system automatically escapes OWL expressions. Owl was built with secure string-handling in mind to protect against a major source of web vulnerabilities, Lesko added.

“It’s really difficult, even for experienced developers, to cover every possibility, so I think it’s important for a web language to protect as much as it can by default.” For example, OWL automatically sends CSP (Content Security Policy) headers to prevent malicious client scripts and requires LockStrings, a new kind of templatized string, for sensitive operations like database queries and system calls. 

Other features in OWL include the Litemark markup language for writing content and a base stylesheet with a Flexbox grid system and SVG icons. OWL has been tested to compile to the PHP versions 5.6-plus and 7.0.  Future plans for OWL include adding secure form-handling and validation and session support. Other plans involve the addition of Windows support and asset caching. Right now, OWL works with MacOS and Linux.

The OWL Web Language, by the way, is unrelated to the WC3’s Web Ontology Language, which goes by the same acronym. Lesko said he did not think there would be any confusion between the two but would find a way to disambiguate if the naming becomes an issue.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Error: Please check your email address.

More about Content SecurityCSPLinuxNetflixOWL

Show Comments

Market Place