Version: v0.7.0 - Beta.  We welcome contributors & feedback.
THT Hypertext Toolkit
PHP vs THT diagram
THT is a clean re-design of PHP, making it more secure and easier to use.

A Quick Look 

// The syntax is familiar, but more streamlined,
// making it easier to read and type.

fn main {

    $cart = {
        holidaySale: true,
        items: ['T-Shirt', 'Teddy Bear'],
    }

    $cart.items.push('Teapot')
}

fn getTotal($cart) {

    $total = 0
    foreach $cart.items as $item {
        $total += getPrice($item)
    }

    if $cart.holidaySale: $total *= 0.8

    return $total
}

Read More:  Syntax Cheat Sheet  |  Full Language Tour

Key THT Features

THT is not just a transpiler for new syntax.

It is also a runtime layer that improves nearly every aspect of PHP.

Organized Library

PHP's massive library (5,000+ functions) is curated and organized into modules & classes.

// PHP
str_contains($hayStack, 'needle')

// THT
$hayStack.contains('needle')
Lists & Maps

PHP arrays are split into distinct List and Map types.

// PHP
[ 'name' => 'Toni', 'age' => 33 ]

// THT
{ name: 'Toni', age: 33 }
Module System

Code is reused via modules, which are automatically namespaced and have controls for outside access.

// PHP
require_once('Some/Module.php');
\Some\Module\doSomething();

// THT
load('Some/Module')
Module.doSomething()
Unicode Support

String functions work with UTF-8 by default.

// PHP
strlen('清潔な場所')   //= 15 ✖

// THT
'清潔な場所'.length()  //= 5  ✔
Cleaner Code

A compile-time Format Checker helps keep your code clean and consistent.

// Valid PHP
$Some_Var=$record [ "someKey" ]+( $a*3 )

// THT
$someVar = $record['someKey'] + ($a * 3)
Friendly Errors

The error pages are easy to read, including full stack traces, suggested fixes, and links to documentation.

Read More:  How THT Compares to PHP

Web Framework 

THT includes the most common features you need to build a web app, without the need for third-party libraries.

Router

The URL router automatically gives a clean URL to every page.

// PHP
/blog/posts.php?name=my-favorite-things

// THT
/blog/posts/my-favorite-things
Templates

Template Functions let you cleanly organize your view-level code in a way that is both flexible and fast.

They support HTML-C shortcuts, and automatically escape variables to prevent XSS attacks.

// PHP
<div class="messages">
<? foreach ($messages as $m) { ?>
    <div class="message"><?= $m['subject'] ?></div>
<? } ?>
</div>

// THT
<.messages>
--- foreach $messages as $m {
    <.message> {{ $m.subject }}
--- }
</>
Safe Input

THT validates all user input by default, including secure file uploads.

// PHP - No validation  (✖ Unsafe)
$userId = $_GET['userId'];

// THT - Validate as a positive (i)nteger
$userId = Input.get('userId', 'i')
Form Builder

The Form module makes it easy to build mobile-friendly forms. Input fields are validated on both the client (for usability) and the server (for security).

We won't spam you.
Sessions

The Session module has secure defaults and flash data.

$cartKey = 'shoppingCart'

Session.addToList($cartKey, 'T-Shirt')
Session.addToList($cartKey, 'Teddy Bear')

Session.get($cartKey)
//= ['T-Shirt', 'Teddy Bear']
Database

The Database module has convenience methods for CRUD operations.

It uses SQL TypeStrings (see Security below) to prevent injection attacks.

$query = sql'select * from posts where userId = {}'
$query.fill(123)

Db.selectRows($query)
Email

The Email module makes it easy to send email (HTML or plaintext) through a third-party email sender.

Email.send({
    from: 'you@yoursite.com',
    to: 'user@mail.com',
    subject: 'Welcome!',
    body: '''
        Thanks for joining!
    ''',
})
CSS Framework

THT comes with an optional lightweight CSS framework with reset styles, a responsive grid system, and SVG icons.

Success This is a success alert with an icon.
Litemark

THT introduces Litemark, a Markdown variant that supports different authoring modes (e.g. comments vs documentation) and the creation of custom tags.

# Heading

Bullets:
- Here is __italic text__
- Here is **bold text**
- Here is an [image /some/image.png]
- Here is a [/some/url | link to another page]
JCON

THT introduces JCON for human-friendly JSON-style configuration.

// A comment here
myConfig: {
    defaultUserName: guest
    maxPosts: 1000
    debugMode: false
}

Extra Security 

By default, THT protects your app against the most common security risks.

Having these safeguards integrated into the language means that fewer vulnerabilities can slip through the cracks.

TypeStrings

TypeStrings are used to prevent injection attacks, which are the #1 security vulnerability for web apps.

TypeStrings can’t be mixed with regular (unsafe) strings. Instead, dynamic values are inserted via placeholders, which are then safely escaped.

// SQL TypeString
$q = sql'select name from users where id = {}'
     ^^^

// Fill in the placeholder {}
$q.fill(123)

// Other types include 'url', 'cmd', etc.
$u = url'/users?sort={}'
     ^^^

Other Safeguards

Read More:  All Security Enhancements

Performance 

THT runs on PHP 7 and 8, which are 100% faster than previous PHP versions. (Recent benchmarks put it at 2x-3x faster than Python and Ruby.)

On a MacBook Pro, the core THT unit tests (1,000+ tests) run in under 20 milliseconds.

It is also relatively compact. The combined THT transpiler and runtime is about 280 KB. (For a rough comparison, CakePHP is about 1700 KB, and TypeScript is 4000 KB.)

THT also has built-in performance tools:

Q: How Does It Work? 

THT keeps the same easy “edit & refresh” workflow of PHP.

Under The Hood

PHP Integration

You can call PHP functions from THT, or vice versa, via the PHP Interface.

Give It a Try 

THT is still in Beta, but if you’d like to try it out, it’s already capable of building small-to-medium web apps like home pages, forums, blogs, etc.

If you’re interested in THT's ongoing progress, follow us at @thtlang.