mschop/noteephp

html generation library

Friday, September 29, 2017
by mschop
Repository
4 Watchers
0 Stars
400 Installations

PHP
0 Dependents
0 Suggesters
0 Forks
0 Open issues
14 Versions
8 % Grown

The README.md

NoTeePHP

, _(*1)

PHP HTML generation library., _(*2)

What is NoTeePHP

NoTeePHP is an alternative to template engines that focuses on security and correctness., _(*3)

Advantages of NoTeePHP:, _(*4)

more secure
less error-prone
easier setup (no compile step)
debuggable
testable
immutable node tree (unlimited node reuse)
register events

Setup

Install NoTeePHP with composer., _(*5)

composer install mschop/noteephp

That's it., _(*6)

Basic Usage

This is a tiny example:, _(*7)

$nf = new NodeFactory('utf-8');

function getItems use ($nf)()
{
    $result = [];
    for($x = 1; $x < 10; $x++) {
        $result[] = $nf->li('item ' . $x);
    }
    return $result;
}

$root = $nf->div(
    ['class' => 'a b c'],
    $nf->abbr(
        ['title' => 'hypertext markup language'],
        'html'
    ),
    $nf->ul(
        $nf->li('item 0'),
        getItems()
    )
);

echo($root);

This would produce the following result:, _(*8)

<div class="a b c">
    <abbr title="hypertext markup language">html</abbr>
    <ul>
        <li>item 0</li>
        <li>item 1</li>
        <li>item 2</li>
        <li>item 3</li>
        <li>item 4</li>
        <li>item 5</li>
        <li>item 6</li>
        <li>item 7</li>
        <li>item 8</li>
    </ul>
</div>

Security

Many template engines do not offer escaping by default. The developer must remember to escape every information used in a template. The problem is that a developer escapes 100 times properly and then forgets it once. NoTeePHP has escaping by default., _(*9)

Other template engines like Twig offer escaping by default. But even in Twig you can have XSS vulnerabilies in some special cases. Imagine you want to create an anchor, starting with a dynamic value. A naive developer could think that relying on Twigs escaping is enough:, _(*10)

<a href="{{ user.name }}">click me</a>

Now an attacker could just create an account with the username "javascript:alert(1)" and you have the exploit., _(*11)

NoTeePHP creates an object tree instead of concatenating strings. Therefore it knows, in which context a variable is used and can therefore use proper escaping or additional validation for variables., _(*12)

Less error-prone

Syntax errors can cause hard to find bugs in your application. With NoTeePHP you will not face such problems. Never again have enclosing tag errors or missing quotes. Always get well formatted HTML., _(*13)

Debugging

Template engines compiles the templates to plain PHP. This PHP is most often hard to read and therefore hard to debug. With NoTeePHP you don't have such compile step. This simplifies setup, increases security and enables easy debugging by default., _(*14)

Examples

Create a NodeFactory

The NodeFactory class is the pivot of NoTeePHP., _(*15)

$nf = new NodeFactory('utf-8'); // using the right encoding is security relevant

Node creation

$node = $nf->div(
    ['id' => 'someid'], // optional assoc array, containing all attributes
    'some text, that will be escaped',
    $nf->raw('some text, that will not be escaped'),
    $this->span(), // nodes without children will be self-closing tags -> <span />
    [ // children can be passed as arrays for using the result of other methods
        $nf->span('text'),
        $nf->span('text2')
    ]
);

echo $node;

Events

You can register events globally. Lets imagine you want to add an xsrf-token to every form:, _(*16)

$nf->onTag('form', function(array $attributes, array $children) use ($nf) {
    $children[] = $nf->input(['type' => 'hidden', 'name' => 'xsrf-token', 'value' => '12345']);
    return [$attributes, $children];
});

The following events are available:, _(*17)

onTag
onAttr
onClass

Debugging

If you need to know, where a specific node is coming from, enable debug mode for the NodeFactory:, _(*18)

$nf = new NodeFactory('utf-8', true);

Now every for every generated html node, an attribute "data-source" will contain the source file and line of the node. You should disable debug mode in production., _(*19)

The Versions

29/09 2017

dev-master

9999999-dev

html generation library

Sources Download

MIT

The Requires

vdb/uri ~0.2
php >=7.0

The Development Requires

by mschop

api template html query dom

29/09 2017

v1.1.2

1.1.2.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

01/01 2017

v1.1.1

1.1.1.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

31/12 2016

v1.1.0

1.1.0.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

28/10 2016

v1.0.3

1.0.3.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

08/10 2016

v1.0.2

1.0.2.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

08/10 2016

v1.0.1

1.0.1.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

20/09 2016

v1.0.0

1.0.0.0

html generation library

Sources Download

MIT

The Requires

php >=7.0
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

19/09 2016

v0.3.0

0.3.0.0

html generation library

Sources Download

MIT

The Requires

php >=5.4
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

19/09 2016

v0.2.0

0.2.0.0

html generation library

Sources Download

MIT

The Requires

php >=5.4
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

02/09 2016

v0.1.1

0.1.1.0

html generation library

Sources Download

MIT

The Requires

php >=5.4
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

25/06 2016

v0.1.0

0.1.0.0

html generation library

Sources Download

MIT

The Requires

php >=5.4
vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

07/06 2016

v0.1.0-rc.2

0.1.0.0-RC2

html generation library

Sources Download

MIT

The Requires

vdb/uri ~0.2

The Development Requires

by mschop

api template html query dom

06/06 2016

v0.1.0-rc.1

0.1.0.0-RC1

html generation library

Sources Download

MIT

The Development Requires

satooshi/php-coveralls ~2.0

by mschop

api template html query dom

library noteephp

html generation library

mschop/noteephp

The README.md

NoTeePHP

What is NoTeePHP

Setup

Basic Usage

Security

Less error-prone

Debugging

Examples

Create a NodeFactory

Node creation

Events

Debugging

The Versions

dev-master

The Requires

The Development Requires

by mschop

v1.1.2

The Requires

The Development Requires

by mschop

v1.1.1

The Requires

The Development Requires

by mschop

v1.1.0

The Requires

The Development Requires

by mschop

v1.0.3

The Requires

The Development Requires

by mschop

v1.0.2

The Requires

The Development Requires

by mschop

v1.0.1

The Requires

The Development Requires

by mschop

v1.0.0

The Requires

The Development Requires

by mschop

v0.3.0

The Requires

The Development Requires

by mschop

v0.2.0

The Requires

The Development Requires

by mschop

v0.1.1

The Requires

The Development Requires

by mschop

v0.1.0

The Requires

The Development Requires

by mschop

v0.1.0-rc.2

The Requires

The Development Requires

by mschop

v0.1.0-rc.1

The Development Requires

by mschop