Writing templates can be a pain. Securing them against cross-site scripting attacks can be even worse. Sick of writing htmlspecialchars($output, ENT_QUOTES) again and again? And of switching to htmlentities() when escaping output for a JavaScript snippet? Why bother when there is a templating engine that can take care of all this dirty business?
Latte is a templating engine shipped as part of the Nette framework, an open-source PHP framework of Czech origin. It is dual-licensed under the New BSD and GNU GPL licenses. Latte automatically secures your templates against XSS exploits using context-aware escaping: the same variable is escaped differently depending on whether it lands in HTML text, an attribute value or a JavaScript snippet. And it makes writing templates a pleasure.
So, how do you output a variable in a secure way? Simply:
{$variable}
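To see what context-aware escaping buys you, here is an added example (not code from the original post or from the Latte project) that renders the same {$name} in three contexts of one template. It assumes Latte is installed via Composer and uses Latte's StringLoader and Engine::renderToString(); the untrusted value is constructed to contain the characters that matter in each context.

```php
<?php
// Added example, not part of the original post. Assumes Latte was installed
// with "composer require latte/latte" so that vendor/autoload.php exists.
require __DIR__ . '/vendor/autoload.php';

use Latte\Engine;
use Latte\Loaders\StringLoader;

// Constructed untrusted input: ampersand, both quote types and angle brackets,
// i.e. every character that can change meaning in some HTML context.
$untrusted = 'Tom & Jerry\'s "best" <friends>';

// One variable, three contexts. The template author writes {$name} everywhere
// and never chooses an escaping function; Latte picks it from the context:
//   - HTML text:        angle brackets and ampersand become entities
//   - attribute value:  quotes are escaped as well, so the value cannot
//                       terminate the attribute
//   - <script> block:   the value is emitted as a JSON string literal, so it
//                       cannot break out of the script element
$template = <<<'LATTE'
<p>{$name}</p>
<input type="text" value="{$name}">
<script>var name = {$name};</script>
LATTE;

$latte = new Engine;
// StringLoader lets us render from an in-memory template instead of a file.
$latte->setLoader(new StringLoader(['page.latte' => $template]));

// Render and inspect the escaped output for each context.
echo $latte->renderToString('page.latte', ['name' => $untrusted]);
```

Try replacing the first line of the template with the manual equivalent, {$name|noescape} wrapped in htmlspecialchars(), and the <script> line breaks: one escaping function does not fit every context, which is exactly the problem Latte takes off your hands.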