by spoondan 5967 days ago
Presumably he means allowing users to thoughtlessly work with unsafe values. One way that XHP could mask this problem is clear by looking at:

    echo <span class="username">{$_POST['name']}</span>;

Now someone comes along and decides the span is unnecessary, turning the code into the (erroneous):

    echo $_POST['name'];

However, I don't think this is a problem with XHP's approach, except in the sense that XHP doesn't go far enough in fixing PHP's faults.

If PHP gave all unsafe values the type "unsafe string" and disallowed all implicit conversion to safe types, then XHP's approach would be a welcome way of doing the right thing by default. Programmer-introduced errors like the above example would result in fatal type errors instead of exploits (presuming "echo" won't take unsafe strings and so requires a conversion function, like htmlspecialchars or the hypothetical unsafe_cast).

1 comments

One could simply write their own "echo" function which only takes an XML object parameter.

    // This works
    write(<span class="username">{$_POST['name']}</span>);

    // Whereas this wouldn't work
    write($_POST['name']);

I think perhaps the use of echo in these examples is just a simplification. More than likely, in Facebook, these XML classes are outputted by another function.
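
As an added example (not code from either commenter, and not XHP or Facebook code), the two ideas in this thread can be combined in plain PHP: an "unsafe string" type with no implicit conversion, and a `write()` sink that accepts only markup objects. The class names `UnsafeString` and `SafeHtml` and their methods are hypothetical, and the input is constructed.

```php
<?php
// Hypothetical types for this example; they are not part of PHP or XHP.

/** Wraps request data. No __toString(), so echo or concatenation throws. */
final class UnsafeString
{
    private string $raw;
    public function __construct(string $raw) { $this->raw = $raw; }

    /** The only way out: escape for element content or a quoted attribute. */
    public function toHtml(): SafeHtml
    {
        $escaped = htmlspecialchars($this->raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return SafeHtml::fromTrusted($escaped);
    }
}

/** Markup that is already escaped or was written by the programmer. */
final class SafeHtml
{
    private string $html;
    private function __construct(string $html) { $this->html = $html; }

    /** For literals in source code only, never for request data. */
    public static function fromTrusted(string $html): self { return new self($html); }

    /** Build a span; the child must already be SafeHtml. */
    public static function span(string $class, SafeHtml $child): self
    {
        $attr = htmlspecialchars($class, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return new self('<span class="' . $attr . '">' . $child->html . '</span>');
    }

    public function render(): string { return $this->html; }
}

/** Output sink: the parameter type rejects anything that is not SafeHtml. */
function write(SafeHtml $markup): void { echo $markup->render(), "\n"; }

// Constructed input standing in for $_POST['name'].
$name = new UnsafeString('<b>Bob</b> & "friends"');
write(SafeHtml::span('username', $name->toHtml())); // escaped, inside the span
write($name->toHtml());                             // span removed, still escaped

try {
    write($name); // the erroneous edit from the thread: raw value to the sink
} catch (TypeError $e) {
    echo "rejected: write() takes SafeHtml, not UnsafeString\n";
}
```

The guarantee holds only if request data is wrapped in `UnsafeString` at the point it enters the program and `fromTrusted()` is reserved for literals, which is the part PHP itself does not enforce.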