| CARVIEW |
Over 27% of Websites
Have Critical Vulnerabilities
The most common critical vulnerability in websites is Cross-Site Scripting (XSS). It allows an attacker to insert a malicious script into a page that executes in the browser of an unsuspecting user. It can modify the page, obtain sensitive information or even steal the user's identity.
Templating systems fail to defend against XSS. Latte is the only system with an effective defense, thanks to context-sensitive escaping.
Anyone who wants a well-secured website uses Latte.
Quiz: Can you defend against XSS vulnerability?
Source: Acunetix Web Vulnerability Report
Example of automatic escaping of the $text variable in several
different contexts (you can edit the top template):
{var $text = "O'Neill"}
- in text: <span>{$text}</span>
- in attribute: <span title={$text}></span>
- in unquoted attribute: <span title={$text}></span>
- in JavaScript: <script>var = {$text}</script>
- in text: <span>O'Neill</span> - in attribute: <span title='O'Neill'></span> - in unquoted attribute: <span title="O'Neill"></span> - in JavaScript: <script>var = "O'Neill"</script>
A Language You Know Well
We're not kidding, you already know the Latte language. You already know how to write expressions in it. In fact, they are written exactly just like in PHP. So you don't have to think about how to write things in Latte. You don't have to look in the documentation. You don't have to learn another language. You just write like in PHP. More about Latte syntax
Loop
<ul>
{foreach $users as $user}
<li>{$user->name}</li>
{/foreach}
</ul>
Condition
{if $post->status === Status::Published}
Read post
{elseif count($posts) > 0}
See other posts
{/if}
Expressions
{$product?->getDiscount()}
{$foo[0] + strlen($bar[Bar::Const])}
{array_filter($nums, fn($n) => $n < 100)}
Latte vs Twig
Latte is based on PHP, whereas Twig is based on Python. A designer in Latte
doesn't have to constantly switch between two different conventions. For
example, between for person in people in templates and
foreach $people as $person in PHP. He doesn't even have to think
about where to use {% %} and where to use {{ }},
because Latte has one {...} delimiter.
Try the Twig to Latte tool.
<ul>
{foreach $foo->items as $item}
<li>{$item->name}</li>
{/foreach}
</ul>
<ul>
{% for item in foo.items %}
<li>{{ item.name }}</li>
{% endfor %}
</ul>
Keyboard-Saving Mode That Gets You Excited
Users love this feature. We call it n:attributes. Any paired
tags, such as {if} ... {/if}, wrapping an HTML element can be
written as its n:if attribute. This makes for a very efficient
notation. Attributes can also have inner- and tag-
prefixes, then the behavior applies to the inside of the element respectively
the opening and ending HTML tags. More about n-attributes
Using n:attributes:
<ul n:if="count($menu) > 1" class="menu">
<li n:foreach="$menu as $item">
<a n:tag-if="$item->href" href={$item->href}>
{$item->caption}
</a>
</li>
</ul>
And the Same Without Them:
{if count($menu) > 1}
<ul class="menu">
{foreach $menu as $item}
<li>
{if $item->href}<a href={$item->href}>{/if}
{$item->caption}
{if $item->href}</a>{/if}
</li>
{/foreach}
</ul>
{/if}
Latte Pampers Developers
Editing
Latte has native support in NetBeans and an excellent plugin for PhpStorm that suggests tags, filters and PHP code.
Debugging
Stay in touch. The plugin for Tracy informs you on each page which templates and which variables are being rendered.
Next Generation Templates
Latte is a next generation templating system – it understands HTML. Where other systems see only a bunch of characters, Latte sees HTML elements. This is the reason why it has two amazing features like context-sensitive escaping and n:attributes.
How Blade, Twig and other systems see the template
░░░░░░░░░░░░░░░
░░░░░░
░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░@yield ('description')░
░░░░░░░
░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░
@foreach ($navigation as $item)
░░░░░░░░░░░░{{$item->link}}░{{$item->title}}░░░░░░░
@endforeach
░░░░░
░░░░░░░░
░░░░░░░░░░░░{{ $appName }}░
░░░░░░░░░
░░░░░░░
░░░░░░░
How Latte sees the template
<!DOCTYPE html>
<html>
<head>
<title>It's all about context</title>
<meta name="description" content={include description}>
</head>
<body>
<ul class="navigation">
{foreach $navigation as $item}
<li><a href={$item->link}>{$item->title}</a></li>
{/foreach}
</ul>
<script>
var appName = {$appName};
</script>
</body>
</html>
In Full Equipment
Layouts and Inheritance
Sophisticated template reuse and inheritance mechanisms increase your productivity because each template contains only its unique content, and repeated elements and structures are reused.
Sandbox
The Latte has an armoured bunker right under the hood. It's called sandbox mode, and it isolates templates from untrusted sources, such as those edited by users themselves. It gives them limited access to tags, filters, functions, methods, etc. How does it work?
It is Really Fast
Latte compiles template down to the optimal PHP code at the same time as you work. So it is as quick as if you created purely PHP. The compiled PHP code is clear and easy to debug. The template is automatically recompiled each time we change the source file.
Over 18 Years
We have been developing Latte for over 18 years- and counting! Libraries we provide are therefore highly mature, stable, and widely used. They are trusted by a number of global corporations and many significant websites rely on us. Who uses and trusts Latte?
Great documentation
Readers praise documentation for clarity and completeness. We wish you a pleasant reading.
Open Source
Latte is open source and completely free to use.
