You Might Like THT If...
- You like the convenience of PHP, but don’t want to deal with the many problems and risks that come with it.
- You want to learn web development with a language that is easy to learn and has best practices built in.
A Quick Look
You don’t need to know PHP to use THT.
Built on PHP (The Good Parts)THT keeps the same convenient workflow of PHP:
.thtfile. Pages automatically get clean URLs (e.g. "blog.tht" becomes "/blog").
- Organized Library. PHP's massive library (5,000+ functions) is curated and organized into modules & classes.
- Lists & Maps. PHP arrays are split into clear List and Map types.
- Module System. File inclusion is supported via modules, with built-in autoloading. No verbose namespaces.
- Friendly Errors. The error pages are designed to be easy to read, with full stack traces.
- Syntax Shortcuts. Optional syntactic sugar makes common patterns more convenient. (e.g.
||=for default assignment.)
- Cleaner Code. A compile-time format checker helps you write code that is easier to read and maintain.
- UTF-8 Support. String functions work with UTF-8 by default.
Read More: How THT Compares to PHP
THT includes many (optional) tools that are useful for modern web development:
- Router for clean URLs (e.g. “/blog/123/top-ten-things”)
- Templates that support the full THT syntax
- Stylesheet with reset styles, grid system & SVG icons
- Litemark parser for Markdown-style content
- JCON for human-friendly JSON-style configuration
- Session support with secure defaults & flash data
- Database module with CRUD methods & parameterized queries
- Cache module for performance tuning
By default, THT defends against the most common security risks, so you can spend more time building the functionality of your app.
- TypeStrings are used to prevent injection attacks, which are considered the #1 security vulnerability on the internet.
- User input (which should never be trusted) can only be accessed through validation methods.
- Template variables are automatically escaped.
- Response headers include CSP to prevent Cross-Site Scripting (XSS).
- Direct calls to high-risk PHP commands like
- File functions are sandboxed to a data directory, and can’t be used with external (potentially dangerous) URLs.
- THT files are hosted outside of the Document Root. Only
.thtfiles in your
pagesdirectory can be executed directly via URL.
Read More: All Security Enhancements
Out of the box, PHP is more than fast enough for most apps.
PHP 7 already offers major speed gains, but you can benefit even more by using an opcode cache like APC.
THT itself is a safe choice, performance-wise:
In a basic “Hello World” benchmark, THT is 6x faster than Laravel (1000 req/s vs 160 req/s) and uses 60% less memory (0.8 MB vs 2 MB).
On a MacBook Pro, the core THT test suite (770 tests) finishes in 18 milliseconds. This includes a full range of operations for control flow, data structures, file access, and database access.
The THT bundle is about 50x smaller than Laravel and its dependencies (230 KB vs 16 MB, zipped).
It also has built-in performance tools:
- The Perf Panel is an easy way to profile your overall page speed.
- The Cache module can help you minimize the biggest performance hits.
- Responses are automatically minified & GZIP compressed, reducing most page sizes by up to 70%.
THT is still in Beta, but if you’d like to try it out, it’s already capable of building most small-to-medium web apps.