Version: v0.6.1 - Beta. We welcome contributors & feedback . THanks!

THT is a language that keeps the good parts of PHP and fixes the rest.

A Quick Look

// Familiar variable and List syntax. $colors = ['red', 'blue', 'green']; // New JSON-style syntax for Maps $colorHex = { red: '#FF0000', green: '#00FF00', blue: '#0000FF', }; // Built-in types have methods using // the mainstream 'dot' syntax. $colors.push('purple'); // Extra parens aren't needed. if $colors.length() > 3 { $colors.pop(); } // The standard library is organized // into modules. Response.sendPage({ title: 'Colors', body: bodyHtml($colors), }); // Template Functions let you organize // your output (views) however you like. // (e.g. by component, module, file, etc.) template bodyHtml($colors) { <h1>Colors</> <ul> -- foreach $colors as $c { <li>{{ $c.toUpperCaseFirst() }}</> -- } </> }

THT Keeps the Good Parts of PHP Despite its flaws, PHP has a few unique strengths that has made it one of the most popular languages in the world. Easy Setup PHP is available on every major web host and OS. Using it with Apache is fast out of the box, with virtually no system administration. Simple Routes In PHP, every file has a URL. THT automatically provides clean URLs (e.g. "/myBlog.tht" becomes "/my-blog"), and blocks access to private code. Atomic Requests State and data are automatically cleaned up after every request. This "share nothing" approach enables horizontal scaling and simplifies your app flow. Web Focused PHP is a web language at its core. THT embraces this even further by building in web security and framework features. Batteries Included PHP comes with a massive library of convenient functions. THT completely re-organizes this library and makes it more consistent. Taking PHP Seriously (article) Read More: PHP is available on every major web host and OS. Using it with Apache is fast out of the box, with virtually no system administration.In PHP, every file has a URL. THT automatically provides clean URLs (e.g. "/myBlog.tht" becomes "/my-blog"), and blocks access to private code.State and data are automatically cleaned up after every request. This "share nothing" approach enables horizontal scaling and simplifies your app flow.PHP is a web language at its core. THT embraces this even further by building in web security and framework features.PHP comes with a massive library of convenient functions. THT completely re-organizes this library and makes it more consistent.

Read More: How THT Compares to PHP

Web Framework Included

THT includes many tools that are useful for modern web development:

Router for clean URLs (e.g. “/blog/123/top-ten-things”)

for clean URLs (e.g. “/blog/123/top-ten-things”) Templates that support the full THT syntax

that support the full THT syntax Input validation and secure file uploads

validation and secure file uploads Stylesheet with reset styles, grid system & SVG icons

with reset styles, grid system & SVG icons Litemark parser for Markdown-style content

parser for Markdown-style content JCON for human-friendly JSON-style configuration

for human-friendly JSON-style configuration Session support with secure defaults & flash data

support with secure defaults & flash data Database module with CRUD methods & parameterized queries

module with CRUD methods & parameterized queries Cache module for performance tuning

Built-In Security

By default, THT defends against the most common security risks.

These safeguards are integrated into the language, providing better protection than if they were imported from a third-party library.

TypeStrings

TypeStrings are used to prevent injection attacks, which are considered the #1 security vulnerability on the internet.

They can not be mixed with (unsafe) regular strings. Dynamic values are inserted via placeholders.

// SQL Queries $q = sql'select name from users where id = {}'; $q.fill(123); // URLs $u = url'/users?sort={}'.fill('desc'); // System Commands $c = cmd'chmod {perms} {file}'; $c.fill('755', 'my_file.conf');

Other Safeguards

User input (which should never be trusted) can only be accessed through validation methods, via the Input module.

Template variables are automatically escaped.

Response headers include CSP to prevent Cross-Site Scripting (XSS).

Direct calls to high-risk PHP commands like eval are prohibited.

are prohibited. File functions are sandboxed to a data directory, and can’t be used with external (potentially dangerous) URLs.

Read More: All Security Enhancements

Performance

Out of the box, PHP is more than fast enough for most apps.

PHP 7 already offers major speed gains, but you can benefit even more by using an opcode cache like APC.

On a MacBook Pro, the core THT test suite (800 tests) finishes in 13 milliseconds.

It is also compact. The combined THT transpiler and runtime is only 180 KB (in comparison, Laravel is 16 MB).

THT also has built-in performance tools:

The Perf Panel is an easy way to profile your overall page speed.

is an easy way to profile your overall page speed. The Cache module can help you minimize the biggest performance hits.

module can help you minimize the biggest performance hits. Responses are automatically minified & GZIP compressed, reducing most page sizes by up to 70%.

How It Works

Once you set up a THT app, your workflow is the same as with PHP. After you edit a file, just save and refresh .

. There are no build steps , background tasks, or server restarts to disrupt your flow.

, background tasks, or server restarts to disrupt your flow. When you add or update a .tht file, it is automatically transpiled to PHP on the first request. Then it is cached for performance.

file, it is on the first request. Then it is cached for performance. The transpiled code is compatible with PHP 7.1+ .

. The transpiler itself is written in 100% PHP with no dependencies.

with no dependencies. Third-party PHP libraries can be accessed through the PHP Interface.

Give It a Try

THT is still in Beta, but if you’d like to try it out, it’s already suitable for most small-to-medium web apps.