The first truly secure and
intuitive templates for PHP

Over 27% of Websites
Have Critical Vulnerabilities

The most common critical vulnerability in websites is Cross-Site Scripting (XSS). It allows an attacker to insert a malicious script into a page that executes in the browser of an unsuspecting user. It can modify the page, obtain sensitive information or even steal the user's identity.

Templating systems fail to defend against XSS. Latte is the only system with an effective defense, thanks to context-sensitive escaping.

Anyone who wants a well-secured website uses Latte.

Quiz: Can you defend against XSS vulnerability?

Source: Acunetix Web Vulnerability Report

Example of automatic escaping of the $text variable in several different contexts (you can edit the top template):

{var $text = "O'Neill"}
- in text: <span>{$text}</span>
- in attribute: <span title={$text}></span>
- in unquoted attribute: <span title={$text}></span>
- in JavaScript: <script>var = {$text}</script>
- in text: <span>O'Neill</span>
- in attribute: <span title='O&apos;Neill'></span>
- in unquoted attribute: <span title="O&apos;Neill"></span>
- in JavaScript: <script>var = "O'Neill"</script>

A Language You Know Well

We're not kidding, you already know the Latte language. You already know how to write expressions in it. In fact, they are written exactly just like in PHP. So you don't have to think about how to write things in Latte. You don't have to look in the documentation. You don't have to learn another language. You just write like in PHP. More about Latte syntax

Loop

<ul>
    {foreach $users as $user}
        <li>{$user->name}</li>
    {/foreach}
</ul>

Condition

{if $post->status === Status::Published}
    Read post
{elseif count($posts) > 0}
    See other posts
{/if}

Expressions

{$product?->getDiscount()}

{$foo[0] + strlen($bar[Bar::Const])}

{array_filter($nums, fn($n) => $n < 100)}

Latte vs Twig

Latte is based on PHP, whereas Twig is based on Python. A designer in Latte doesn't have to constantly switch between two different conventions. For example, between for person in people in templates and foreach $people as $person in PHP. He doesn't even have to think about where to use {% %} and where to use {{ }}, because Latte has one {...} delimiter.

Try the Twig to Latte tool.

<ul>
    {foreach $foo->items as $item}
        <li>{$item->name}</li>
    {/foreach}
</ul>
<ul>
    {% for item in foo.items %}
        <li>{{ item.name }}</li>
    {% endfor %}
</ul>

Keyboard-Saving Mode That Gets You Excited

Users love this feature. We call it n:attributes. Any paired tags, such as {if} ... {/if}, wrapping an HTML element can be written as its n:if attribute. This makes for a very efficient notation. Attributes can also have inner- and tag- prefixes, then the behavior applies to the inside of the element respectively the opening and ending HTML tags. More about n-attributes

Using n:attributes:

<ul n:if="count($menu) > 1" class="menu">
    <li n:foreach="$menu as $item">
        <a n:tag-if="$item->href" href={$item->href}>
            {$item->caption}
        </a>
    </li>
</ul>

And the Same Without Them:

{if count($menu) > 1}
    <ul class="menu">
        {foreach $menu as $item}
            <li>
                {if $item->href}<a href={$item->href}>{/if}
                    {$item->caption}
                {if $item->href}</a>{/if}
            </li>
        {/foreach}
    </ul>
{/if}

Latte Pampers Developers

Editing

Latte has native support in NetBeans and an excellent plugin for PhpStorm that suggests tags, filters and PHP code.

Debugging

Stay in touch. The plugin for Tracy informs you on each page which templates and which variables are being rendered.

Next Generation Templates

Latte is a next generation templating system – it understands HTML. Where other systems see only a bunch of characters, Latte sees HTML elements. This is the reason why it has two amazing features like context-sensitive escaping and n:attributes.

How Blade, Twig and other systems see the template

░░░░░░░░░░░░░░░
░░░░░░
    ░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░@yield ('description')░
    ░░░░░░░
    ░░░░░░
        ░░░░░░░░░░░░░░░░░░░░░░░
            @foreach ($navigation as $item)
                ░░░░░░░░░░░░{{$item->link}}░{{$item->title}}░░░░░░░
            @endforeach
        ░░░░░

        ░░░░░░░░
            ░░░░░░░░░░░░{{ $appName }}░
        ░░░░░░░░░
    ░░░░░░░
░░░░░░░

How Latte sees the template

<!DOCTYPE html>
<html>
    <head>
        <title>It's all about context</title>
        <meta name="description" content={include description}>
    </head>
    <body>
        <ul class="navigation">
            {foreach  $navigation as $item}
                <li><a href={$item->link}>{$item->title}</a></li>
            {/foreach}
        </ul>

        <script>
            var appName = {$appName};
        </script>
    </body>
</html>

Layouts and Inheritance

Sophisticated template reuse and inheritance mechanisms increase your productivity because each template contains only its unique content, and repeated elements and structures are reused.

Sandbox

The Latte has an armoured bunker right under the hood. It's called sandbox mode, and it isolates templates from untrusted sources, such as those edited by users themselves. It gives them limited access to tags, filters, functions, methods, etc. How does it work?

It is Really Fast

Latte compiles template down to the optimal PHP code at the same time as you work. So it is as quick as if you created purely PHP. The compiled PHP code is clear and easy to debug. The template is automatically recompiled each time we change the source file.

Over 15 Years

We have been developing Latte for over 15 years- and counting! Libraries we provide are therefore highly mature, stable, and widely used. They are trusted by a number of global corporations and many significant websites rely on us. Who uses and trusts Latte?

Great documentation

Readers praise documentation for clarity and completeness. We wish you a pleasant reading.

Open Source

Latte is open source and completely free to use.