Programming Language for Websites & Web Apps

THT Hypertext Toolkit

THT is a clean re-design of PHP, making it more secure and easier to use.

A Quick Look

// The syntax is familiar, but more streamlined,
// making it easier to read and type.

fn main {

    $cart = {
        holidaySale: true,
        items: ['T-Shirt', 'Teddy Bear'],
    }

    $cart.items.push('Teapot')
}

fn getTotal($cart) {

    $total = 0
    foreach $cart.items as $item {
        $total += getPrice($item)
    }

    if $cart.holidaySale: $total *= 0.8

    return $total
}

THT Keeps The Good Parts of PHP

1. Simple Syntax

PHP is a dynamic language that doesn't force you to into strict types and has a basic procedural syntax. THT keeps this approach, but updates it with influences from successful modern languages.

2. Quick Workflow

THT keeps the same instant save & refresh workflow of PHP. There are no build steps or server restarts to disrupt your flow.

3. Easy Setup

PHP is widely available on every major web host and OS. Using it with Apache is fast out of the box, with virtually no system administration.

4. Web Focused

PHP is a web development language at its core. THT embraces this and takes it further by adding web security and framework features.

5. Batteries Included

PHP comes with a large library of convenient functions. THT completely re-organizes this library and makes it more consistent.

6. Atomic Requests

PHP automatically resets state after every request. This "share nothing" lifecycle makes your app flow easier to understand, and prevents most memory leaks.

Key THT Features

THT is not just a transpiler for new syntax.

It is also a runtime layer that improves nearly every aspect of PHP.

Organized Library

PHP's massive library (5,000+ functions) is curated and organized into modules & classes.

// PHP
str_contains($hayStack, 'needle')

// THT
$hayStack.contains('needle')

Lists & Maps

PHP arrays are split into distinct List and Map types.

// PHP
[ 'name' => 'Toni', 'age' => 33 ]

// THT
{ name: 'Toni', age: 33 }

Module System

Code is reused via modules, which are automatically namespaced and have controls for outside access.

// PHP
require_once('Some/Module.php');
\Some\Module\doSomething();

// THT
load('Some/Module')
Module.doSomething()

Unicode Support

String functions work with UTF-8 by default.

// PHP
strlen('清潔な場所')   //= 15 ✖

// THT
'清潔な場所'.length()  //= 5  ✔

Cleaner Code

A compile-time Format Checker helps keep your code clean and consistent.

// Valid PHP
$Some_Var=$record [ "someKey" ]+( $a*3 )

// THT
$someVar = $record['someKey'] + ($a * 3)

Friendly Errors

The error pages are easy to read, including full stack traces, suggested fixes, and links to documentation.

Web Framework

THT includes the most common features you need to build a web app, without the need for third-party libraries.

Router

The URL router automatically gives a clean URL to every page.

// PHP
/blog/posts.php?name=my-favorite-things

// THT
/blog/posts/my-favorite-things

Templates

Template functions let you cleanly organize your view-level code in a way that is both flexible and fast.

They support HTML-C shortcuts, and automatically escape variables to prevent XSS attacks.

// PHP
<div class="messages">
<? foreach ($messages as $m) { ?>
    <div class="message"><?= $m['subject'] ?></div>
<? } ?>
</div>

// THT
<.messages>
--- foreach $messages as $m {
    <.message> {{ $m.subject }}
--- }
</>

Safe Input

THT validates all user input by default, including secure file uploads.

// PHP - No validation  (✖ Unsafe)
$userId = $_GET['userId'];

// THT - Validate as a positive (i)nteger
$userId = Input.get('userId', 'i')

Form Builder

The Form module makes it easy to build mobile-friendly forms. Input fields are validated on both the client (for usability) and the server (for security).

EmailWe won't spam you.

T-Shirt Size

Sessions

The Session module has secure defaults and flash data.

$cartKey = 'shoppingCart'

Session.addToList($cartKey, 'T-Shirt')
Session.addToList($cartKey, 'Teddy Bear')

Session.get($cartKey)
//= ['T-Shirt', 'Teddy Bear']

Database

The Database module has convenience methods for CRUD operations.

It uses SQL TypeStrings (see Security below) to prevent injection attacks.

$query = sql'select * from posts where userId = {}'
$query.fill(123)

Db.selectRows($query)

The Email module makes it easy to send email (HTML or plaintext) through a third-party email sender.

Email.send({
    from: 'you@yoursite.com',
    to: 'user@mail.com',
    subject: 'Welcome!',
    body: '''
        Thanks for joining!
    ''',
})

CSS Framework

THT comes with an optional lightweight CSS framework with reset styles, a responsive grid system, and SVG icons.

Success This is a success alert with an icon.

Litemark

THT introduces Litemark, a Markdown variant that supports different authoring modes (e.g. comments vs documentation) and the creation of custom tags.

# Heading

Bullets:
- Here is __italic text__
- Here is **bold text**
- Here is an [image /some/image.png]
- Here is a [/some/url | link to another page]

JCON

THT introduces JCON for human-friendly JSON-style configuration.

// A comment here
myConfig: {
    defaultUserName: guest
    maxPosts: 1000
    debugMode: false
}

Extra Security

By default, THT protects your app against the most common security risks.

Having these safeguards integrated into the language means that fewer vulnerabilities can slip through the cracks.

TypeStrings

TypeStrings are used to prevent injection attacks, which are the #1 security vulnerability for web apps.

TypeStrings can’t be mixed with regular (unsafe) strings. Instead, dynamic values are inserted via placeholders, which are then safely escaped.

// SQL TypeString
$q = sql'select name from users where id = {}'
     ^^^

// Fill in the placeholder {}
$q.fill(123)

// Other types include 'url', 'cmd', etc.
$u = url'/users?sort={}'
     ^^^

Other Safeguards

File functions are sandboxed to a data directory, and can’t be used with external (potentially dangerous) URLs.
User input is only accessible from validation methods. Post requests are protected by an auto-generated CSRF token.
And many more...

Read More: All Security Enhancements

Performance

THT runs on PHP 8, which is nearly 100% faster than older PHP versions. (Recent benchmarks put it at 2x-3x faster than Python and Ruby.)

On a MacBook Pro, the core THT unit tests (1,000+ tests) run in under 30 milliseconds.

It is also relatively compact. The combined THT transpiler and runtime is about 280 KB. (For a rough comparison, CakePHP is about 1700 KB, and TypeScript is 4000 KB.)

THT also has built-in performance tools:

The Perf Panel is an easy way to profile your overall page speed.
The Cache module can help you minimize performance bottlenecks.
Images and assets are automatically optimized, reducing sizes by up to 70%.

Q: How Does It Work?

THT keeps the same easy “edit & refresh” workflow of PHP.

There are no build steps or server restarts to disrupt your flow.
Files are automatically transpiled to PHP on the first request, then cached for performance.

Under The Hood

The transpiled code is compatible with PHP 8.1.
The transpiler itself is written in 100% PHP with no dependencies.

PHP Integration

You can call PHP functions from THT, or vice versa, via the PHP Interface.

Give It a Try

THT is still in Beta, but if you’d like to try it out, it’s already capable of building small-to-medium web apps like home pages, forums, blogs, etc.

If you’re interested in THT's ongoing progress, follow us at @thtlang or join the Discord server.

Next: Install THT