xoscript focuses on security. We aim to use decent quantum resistant cryptography, secure random byte generation, memory leak detection and runtime sandboxing to minimize the attack surface. Our runtime has been designed to be as compact, simple and auditable as possible and runs on Linux and OpenBSD.

Overly complex systems are impossible to secure. Therefore, xoscript is very tiny language consisting of no more than 5 grammar rules. Any developer can learn xoscript within minutes. XOscript features a simplified classless Smalltalk-like syntax. No classes. No factories. No mixins. No interfaces. No lambdas. No types. Just objects. XOScript programs look nice, beautifully elegant and simple.

xoscript ships with all the necessary features for server-side software development. Request handler, session handler, connector for MariaDB and MySQL, XChaCha20 based encryption with Arc4Random and Argon2 key derivation, constant time comparison (tccompare), CURL, PCRE2 regex. Need more? Connect to any SO with FFI. No bloat.

xoscript does not break stuff. By writing down the date of creation of the program at the top of the file, your code will automatically be guarded against any backward incompatibilities in the future. Unlike version pinning, you still benefit from new features, but breaking changes are avoided. Write once, run forever.

XOScript offers a secure template engine featuring rigid separation between logic and presentation and protection against XSS injections. Using markers to cut and paste sections, we promise real separation of presentation and logic. Zero logic in your HTML.

xoscript is free and BSD licensed. As long as you keep the copyright notices intact, you can basically do whatever you want with it. No strings attached. Further more we are independent of big companies and strictly apolitical.