Glossary of Terms

AJAX

Asynchronous JavaScript and XML – a technology for exchanging information between the client and server over the HTTP protocol without needing to reload the entire page with each request. Although the name might suggest data is sent only in XML format, the JSON format is also commonly used.

Presenter Action

A logical part of a presenter that performs a single action. For example, displaying a product page, logging out a user, etc. A single presenter can have multiple actions.

BOM

The byte order mark is a special first character in a file used as an indicator of byte order in encoding. Some editors insert it into files. It is practically invisible but causes problems with sending output and headers from PHP. You can use Code Checker for bulk removal.

Controller

A controller that processes user requests and, based on them, calls the appropriate application logic (i.e., model) and then asks the view to render the data. The equivalent of controllers in the Nette Framework are presenters.

Cross-Site Scripting (XSS)

Cross-Site Scripting is a method of disrupting websites by exploiting unescaped outputs. An attacker can then inject their own code into the page, thereby modifying the page or even obtaining sensitive data about visitors. Protection against XSS involves consistent and correct escaping of all output strings.

Nette Framework introduces the revolutionary Context-Aware Escaping technology, which permanently eliminates the risk of Cross-Site Scripting. It automatically escapes all outputs, so a developer cannot forget anything.

Cross-Site Request Forgery (CSRF)

A Cross-Site Request Forgery attack involves the attacker luring a victim to a page that subtly executes a request in the victim's browser to a server where the victim is logged in. The server believes the request was made willingly by the victim. Thus, under the victim's identity, it performs an action without their knowledge. This could involve changing or deleting data, sending a message, etc.

Nette Framework automatically protects forms and signals in presenters against this type of attack by preventing them from being submitted or triggered from another domain.

Dependency Injection

Dependency Injection (DI) is a design pattern that dictates how to separate the creation of objects from their dependencies. This means a class is not responsible for creating or initializing its dependencies; instead, these dependencies are provided by external code (which could be a DI container). The advantage lies in increased code flexibility, better understandability, and easier application testing, as dependencies are easily replaceable and isolated from other code parts. More in the chapter What is Dependency Injection?

Dependency Injection Container

A Dependency Injection container (also DI container or IoC container) is a tool that manages the creation and administration of dependencies (or services) within an application. The container typically has a configuration defining which classes depend on others, which specific dependency implementations should be used, and how these dependencies should be created. The container then creates these objects and provides them to the classes that need them. More in the chapter What is a DI container?

Escaping

Escaping is the conversion of characters that have a special meaning in a given context into other corresponding sequences. Example: We want to write quotes within a string enclosed by quotes. Since quotes have a special meaning in the context of the string, and simply writing them would be interpreted as the end of the string, they need to be written using a different corresponding sequence. The exact sequence is determined by the rules of the context.

Filter

In templates, a filter usually refers to a function that helps modify or reformat data into its final form. Templates provide several standard filters.

Invalidation

Notifying a snippet to redraw itself. In another context, it also means deleting the cache content.

JSON

A data exchange format based on JavaScript syntax (it is a subset of it). The exact specification can be found at www.json.org.

Component

A reusable part of an application. It can be a visual part of a page, as described in the chapter Writing Components, or the term component also refers to the class Component (such a component does not have to be visual).

Control Characters

Control characters are invisible characters that can appear in text and potentially cause problems. To remove them in bulk from files, you can use Code Checker, and to remove them from a variable, use the Strings::normalize() function.

Events

An event is an expected situation within an object. When it occurs, so-called handlers are called, i.e., callbacks reacting to the event (example). An event could be, for example, form submission, user login, etc. Events are thus a form of Inversion of Control.

For example, user login occurs in the Nette\Security\User::login() method. The User object has a public variable $onLoggedIn, which is an array to which anyone can add a callback. When the user logs in, the login() method calls all callbacks in the array. The variable name format onXyz is a convention used throughout Nette.

Latte

One of the most advanced templating systems.

Model

The model is the data and, especially, the functional core of the entire application. It contains all the application logic (the term business logic is also used). It's the M in MVC or MVP. Any user action (logging in, adding goods to the cart, changing a value in the database) represents an action of the model.

The model manages its internal state and offers a fixed interface to the outside. By calling functions of this interface, we can query or change its state. The model is unaware of the existence of the view or controller.

Model-View-Controller

A software architecture that arose from the need to separate the handling code (controller) from the application logic code (model) and the data display code (view) in applications with a graphical interface. This makes the application clearer, facilitates future development, and allows for testing individual parts separately.

Model-View-Presenter

An architecture based on Model-View-Controller.

Module

A module represents a logical part of an application. In a typical arrangement, it is a group of presenters and templates that address a specific area of functionality. Modules are placed in separate directories, such as Front/, Admin/, or Shop/.

For example, an e-shop can be divided into:

Frontend (Shop/) for browsing products and purchasing
Customer section (Customer/) for order management
Administration (Admin/) for operators

Technically, these are regular directories, but thanks to clear structuring, they help scale the application. The presenter Admin:Product:List would thus be physically located, for example, in the directory app/Presentation/Admin/Product/List/ (see presenter mapping).

Namespace

A namespace, part of the PHP language since version 5.3 and some other programming languages, allows the use of classes named identically in different libraries without name collisions. See the PHP documentation.

Presenter

A presenter is an object that takes a request translated by the router from an HTTP request and generates a response. The response can be an HTML page, an image, an XML document, a file on disk, JSON, a redirect, or anything you devise.

Usually, the term presenter refers to a descendant of the Nette\Application\UI\Presenter class. Based on incoming requests, it executes corresponding actions and renders templates.

Router

A bidirectional translator between an HTTP request / URL and a presenter action. Bidirectional means that it's possible to derive a presenter action from an HTTP request, and conversely, to generate the corresponding URL for an action. More in the chapter on URL routing.

SameSite cookies provide a mechanism to recognize what led to the page load. It can have three values: Lax, Strict, and None (the latter requires HTTPS). If the request for the page comes directly from the website or the user opens the page by typing directly into the address bar or clicking on a bookmark, the browser sends all cookies to the server (i.e., with flags Lax, Strict, and None). If the user clicks through to the website from a link on another site, cookies with the Lax and None flags are passed to the server. If the request originates in another way, such as submitting a POST form from another site, loading within an iframe, using JavaScript, etc., only cookies with the None flag are sent.

Service

In the context of Dependency Injection, a service refers to an object that is created and managed by the DI container. A service can be easily replaced by another implementation, for example, for testing purposes or to change the application's behavior, without needing to modify the code that uses the service.

Snippet

A snippet, a part of a page that can be independently redrawn during an AJAX request.

View

The view is the application layer responsible for displaying the result of a request. It usually uses a templating system and knows how to display specific components or results obtained from the model.