tldr; Gabriel Wicke and I completed the first iteration last week of our intermediate templating language. The runtime is available in both JavaScript [1] *and* PHP [2]. We're still working on optimizing the PHP version, but the JS version is already the fastest of anything we've benchmarked [3][4].
If you don't know what I'm talking about... :) For a while the foundation has been debating which templating language we should standardize on [5]. The basic requirements are that it needs to be able to render content in both JS and PHP, it needs to be fast, it needs to be small, and it needs to be secure.
After considering all the existing solutions we determined that no solution fulfills all the desired requirements. Popular libraries like handlebars or hogan as used by Flow and Mobile are missing principled escaping, which leaves escaping of user-provided data to the template writer. XSS vulnerabilities need to be avoided with discipline and manual security review. We decided to see if we could make something with automatic escaping, that is more easily coupled into the MediaWiki environment, and address future uses in VisualEditor and reactive pages.
Our solution comes in two parts: 1) a compiler into an intermediate language, and 2) a runtime to turn the intermediate language into HTML. This email is about the second part, TAssembly (template assembly language), which is a generic intermediate runtime which processes a JSON structure that can be quickly reassembled into HTML using only string replacement. Contextual information is placed into the structure at compile time to ensure proper escaping regardless of the source of the data. Other static details compiled into TAssembly, such as information about i18n strings and partial templates, can be extracted in order to help delivery systems like ResourceLoader more efficiently push content.
The TAssembly runtimes are available at [1] and [2].
The JavaScript implementation of a KnockoutJS to TAssembly compiler is available at [6].
Although other compilers could be written, see the discussion about the benefits of KnockoutJS (syntax and optional runtime) and our rationale for using DOM based templating compiled to a string based intermediate at [7].
Our next steps will be:
- to continue to iterate on improving performance
- integrate with ResourceLoader for template blob delivery
- write the Knockoff client library for MediaWiki integration (i18n availability mostly)
- port the compiler to PHP for better integration or provide some sort of service based compilation
- support blessing of objects in the data model
[1] https://github.com/gwicke/tassembly
[2] https://github.com/mattofak/knockoff
[3] https://www.mediawiki.org/wiki/Requests_for_comment/HTML_templating_library#...
[4] test framework: https://github.com/gwicke/TemplatePerf
[5] https://www.mediawiki.org/wiki/Requests_for_comment/HTML_templating_library
[6] https://github.com/gwicke/tassembly
[7] https://www.mediawiki.org/wiki/Requests_for_comment/HTML_templating_library/...
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team
wikitech-l@lists.wikimedia.org
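The idea described in the message above (a compiled JSON structure whose data slots carry their escaping context, rendered by plain string assembly) can be sketched as follows. This is an added example, not code from the tassembly or knockoff repositories: the slot names `text`, `attr` and `url`, the helpers `render`, `sanitizeUrl` and `lookup`, and the sample data are assumptions made for illustration and do not reflect TAssembly's actual format.

```javascript
// Hypothetical, simplified intermediate form (not the real TAssembly spec).
// Plain strings are trusted static markup from the compiler; [context, path]
// pairs are data slots whose escaping context was fixed at compile time.
const HTML_ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESC[c]);

// URL attributes need a scheme allowlist in addition to entity escaping.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
function sanitizeUrl(value) {
  // Ignore control characters and whitespace when looking for the scheme,
  // since browsers tolerate them inside a URL.
  const compact = String(value).replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(compact);
  return m && !SAFE_SCHEMES.has(m[1].toLowerCase()) ? '#' : String(value);
}

// A Map avoids accidental hits on inherited names such as "constructor".
const ESCAPERS = new Map([
  ['text', escapeHtml],                        // element content
  ['attr', escapeHtml],                        // inside a double-quoted attribute
  ['url', (v) => escapeHtml(sanitizeUrl(v))],  // href/src style attributes
]);

// Resolve "a.b.c" against the model using own properties only.
function lookup(model, path) {
  return path.split('.').reduce(
    (o, k) => (o != null && Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined),
    model);
}

function render(ir, model) {
  return ir.map((part) => {
    if (typeof part === 'string') return part;
    const [context, path] = part;
    const escape = ESCAPERS.get(context);
    if (!escape) throw new Error('unknown context: ' + context); // fail closed
    const value = lookup(model, path);
    return value == null ? '' : escape(value);
  }).join('');
}

// Constructed sample: the template author never calls an escaper by hand.
const profileIr = ['<a href="', ['url', 'user.link'], '" title="', ['attr', 'user.name'],
  '">', ['text', 'user.name'], '</a>'];
const hostileModel = { user: { name: '<b onmouseover="x">Eve</b>', link: 'JavaScript:alert(1)' } };
console.log(render(profileIr, hostileModel));
```

Because the context travels with the slot, the same model value is escaped correctly wherever the compiler placed it, and an unrecognised context stops rendering instead of emitting raw data.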