The most common critical vulnerability in websites is Cross-Site Scripting (XSS). It allows an attacker to insert a malicious script into a page that executes in the browser of an unsuspecting user. It can modify the page, obtain sensitive information or even steal the user's identity.
Templating systems fail to defend against XSS. Latte is the only system with an effective defense, thanks to context-sensitive escaping.
Anyone who wants a well-secured website uses Latte.
Quiz: Can you defend against an XSS vulnerability?
Source: Acunetix Web Vulnerability Report
Example of automatic escaping of the $text variable in several different contexts (you can edit the top template):

Template:
{var $text = "O'Neill"}
- in text: <span>{$text}</span>
- in attribute: <span title='{$text}'></span>
- in unquoted attribute: <span title={$text}></span>
- in JavaScript: …{$text}</script>

Output:
- in text: <span>O'Neill</span>
- in attribute: <span title='O&apos;Neill'></span>
- in unquoted attribute: <span title="O&apos;Neill"></span>
- in JavaScript: …"O'Neill"</script>
We're not kidding, you already know the Latte language. You already know how to write expressions in it. In fact, they are written exactly like in PHP. So you don't have to think about how to write things in Latte. You don't have to look in the documentation. You don't have to learn another language. You just write like in PHP. More about Latte syntax
<ul>
    {foreach $users as $user}
        <li>{$user->name}</li>
    {/foreach}
</ul>

{if $post->status === Status::Published}
    Read post
{elseif count($posts) > 0}
    See other posts
{/if}

{$product?->getDiscount()}
{$foo[0] + strlen($bar[Bar::Const])}
{array_filter($nums, fn($n) => $n < 100)}
Latte is based on PHP, whereas Twig is based on Python. A designer in Latte doesn't have to constantly switch between two different conventions, for example between the template loop for person in people and the PHP loop foreach $people as $person. He doesn't even have to think about where to use {% %} and where to use {{ }}, because Latte has one {...} delimiter.
Try the Twig to Latte tool.
Latte:
<ul>
    {foreach $foo->items as $item}
        <li>{$item->name}</li>
    {/foreach}
</ul>

Twig:
<ul>
    {% for item in foo.items %}
        <li>{{ item.name }}</li>
    {% endfor %}
</ul>
Users love this feature. We call it n:attributes. Any paired tag, such as {if} ... {/if}, that wraps an HTML element can be written as its n:if attribute. This makes for a very efficient notation. Attributes can also have inner- and tag- prefixes, in which case the behavior applies to the inside of the element or to the opening and closing HTML tags, respectively. More about n-attributes
Using n:attributes:
<ul n:if="count($menu) > 1" class="menu">
    <li n:foreach="$menu as $item">
        <a n:tag-if="$item->href" href={$item->href}>
            {$item->caption}
        </a>
    </li>
</ul>

And the same without them:

{if count($menu) > 1}
    <ul class="menu">
        {foreach $menu as $item}
            <li>
                {if $item->href}<a href={$item->href}>{/if}
                    {$item->caption}
                {if $item->href}</a>{/if}
            </li>
        {/foreach}
    </ul>
{/if}
Latte has native support in NetBeans and an excellent plugin for PhpStorm that suggests tags, filters and PHP code.
Stay in touch. The plugin for Tracy informs you on each page which templates and which variables are being rendered.
Latte is a next generation templating system – it understands HTML. Where other systems see only a bunch of characters, Latte sees HTML elements. This is what makes its two standout features possible: context-sensitive escaping and n:attributes.
How Blade, Twig and other systems see the template
░░░░░░░░░░░░░░░░░░░░░
    ░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░@yield ('description')░
    ░░░░░░░
    ░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░
            @foreach ($navigation as $item)
                ░░░░░░░░░░░░{{$item->link}}░{{$item->title}}░░░░░░░
            @endforeach
        ░░░░░
        ░░░░░░░░
            ░░░░░░░░░░░░{{ $appName }}░
        ░░░░░░░░░
░░░░░░░░░░░░░░
How Latte sees the template
<!DOCTYPE html><html>
    <head>
        <title>It's all about context</title>
        <meta name="description" content={include description}>
    </head>
    <body>
        <ul class="navigation">
            {foreach $navigation as $item}
                <li><a href={$item->link}>{$item->title}</a></li>
            {/foreach}
        </ul>
        <script>
            var appName = {$appName};
        </script>
    </body></html>
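The contexts from the $text demo and from the template above, exercised with one deliberately hostile value so the per-context escaping can be compared side by side. This is an added example, not code from the Latte homepage; it assumes latte/latte 3.x installed via Composer, and the input string and template names are constructed.

```php
<?php
// Added example (not part of the Latte homepage): the same untrusted value
// rendered by Latte in text, quoted-attribute, unquoted-attribute and
// JavaScript contexts. Assumes latte/latte 3.x installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Latte\Engine;
use Latte\Loaders\StringLoader;

// Constructed input: each character class is dangerous in some context.
// ' and " break out of quoted attributes and JS strings, < > & break text,
// and </script> would end a script block if it reached the page unchanged.
$untrusted = "O'Neill\" <b>&</b></script>";

// A nowdoc (<<<'...') stops PHP from interpolating {$v}; Latte receives it literally.
$template = <<<'LATTE'
text:     <span>{$v}</span>
quoted:   <span title='{$v}'></span>
unquoted: <span title={$v}></span>
js:       <script>var v = {$v};</script>
LATTE;

$latte = new Engine;
// Without setTempDirectory() Latte compiles in memory; in production point it
// at a writable cache directory so each template is compiled only once.
$latte->setLoader(new StringLoader(['contexts.latte' => $template]));

// One variable, one template, four escaping rules chosen by Latte from the
// surrounding HTML: entity escaping in text and attributes (quotes encoded
// only where an attribute needs it, double quotes added around the unquoted
// attribute value) and a JSON string literal inside <script>, so the value
// can never close the tag or terminate the string.
echo $latte->renderToString('contexts.latte', ['v' => $untrusted]);
```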
Sophisticated template reuse and inheritance mechanisms increase your productivity because each template contains only its unique content, and repeated elements and structures are reused.
Latte has an armoured bunker right under the hood. It's called sandbox mode, and it isolates templates from untrusted sources, such as those edited by users themselves. It gives them limited access to tags, filters, functions, methods, etc. How does it work?
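Sandbox mode in practice: a user-edited template rendered behind an explicit allow-list policy, next to a hostile edit that the same policy refuses. This is an added example, not code from the Latte homepage; it assumes latte/latte 3.x installed via Composer, and both template strings and the variable names are constructed.

```php
<?php
// Added example (not part of the Latte homepage): rendering user-edited
// templates in Latte's sandbox mode behind an allow-list SecurityPolicy.
// Assumes latte/latte 3.x installed via Composer; templates are constructed.
require __DIR__ . '/vendor/autoload.php';

use Latte\Engine;
use Latte\Loaders\StringLoader;
use Latte\Sandbox\SecurityPolicy;

// Start from Latte's conservative built-in policy (common tags, filters and a
// handful of functions) and add only what this application's templates need.
$policy = SecurityPolicy::createSafePolicy();
$policy->allowFunctions(['strlen']);

$latte = new Engine;
$latte->setPolicy($policy);
$latte->setSandboxMode();   // everything this engine renders is checked against the policy
$latte->setLoader(new StringLoader([
    // A legitimate user-edited template: allowed tags, filters and functions only.
    'profile.latte' => '<h1>{$name|upper}</h1> ({=strlen($name)} chars)'
        . '{foreach $tags as $tag}<li>{$tag}</li>{/foreach}',
    // A hostile edit: calls a PHP function the policy does not list.
    'hostile.latte' => '{=getenv("DB_PASSWORD")}',
]));

echo $latte->renderToString('profile.latte', [
    'name' => "O'Neill",
    'tags' => ['php', 'latte'],
]);

try {
    $latte->renderToString('hostile.latte');
} catch (Latte\SecurityViolationException $e) {
    // Latte rejects the disallowed call when compiling the template,
    // so no part of the hostile template ever executes.
    echo 'Blocked: ', $e->getMessage(), "\n";
}
```

The alternative to sandboxing the whole engine is to keep trusted templates unrestricted and include the untrusted one with the {sandbox} tag, which applies the same policy to just that template.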
Latte compiles templates down to optimal PHP code as you work, so it is as fast as pure PHP. The compiled PHP code is clear and easy to debug. The template is automatically recompiled each time the source file changes.
We have been developing Latte for over 18 years, and counting! The libraries we provide are therefore highly mature, stable, and widely used. They are trusted by a number of global corporations, and many significant websites rely on us. Who uses and trusts Latte?
Readers praise documentation for clarity and completeness. We wish you a pleasant reading.
Latte is open source and completely free to use.
The first version of Latte 2 was released in 2014 as part of the then revolutionary splitting of the framework into a collection of standalone libraries. Version 3 of Latte, representing a major evolutionary leap, was released just over a year ago.