Glossary of Terms


Asynchronous JavaScript and XML – technology for client-server communication over the HTTP protocol without the need for reload of the whole page during each request. Despite the acronym, JSON format is often used instead of XML.

Presenter Action

Logical part of the presenter, performing one action, such as to show a product page, to sign out a user etc. One presenter can have more actions.


So-called byte order mask is a special first character of a file and indicates byte order in the encoding. Some editors include it automatically, it's practically invisible, but it causes problems with headers and output sending from within PHP. You can use Code Checker for bulk removal.


Controller processes requests from user and on their basis it calls particular application logic (ie. model), then it calls view for data rendering. Analogy to controllers are presenters in Nette Framework.

Cross-Site Scripting (XSS)

Cross-Site Scripting is a site disruption method using unescaped input. An attacker may inject his own HTML or JavaScript code and change the look of the page or even gather sensitive information about users. Protection against XSS is simple: consistent and correct escaping of all strings and inputs.

Nette Framework comes up with a brand new technology of Context-Aware Escaping, which will get you rid of the Cross-Site Scripting risks forever. It escapes all inputs automatically based on a given context, so it's impossible for a coder to accidentally forget something.

Cross-Site Request Forgery (CSRF)

A Cross-Site Request Forgery attack is that the attacker lures the victim to visit a page that silently executes a request in the victim's browser to the server where the victim is currently logged in, and the server believes that the request was made by the victim at will. Server performs a certain action under the identity of the victim but without the victim realizing it. It can be changing or deleting data, sending a message, etc.

Nette Framework automatically protects forms and signals in presenters from this type of attack. This is done by preventing them from being sent or called from another domain.

Dependency Injection

Dependency Injection (DI) is a design pattern that tells you how to separate the creation of objects from their dependencies. That is, a class is not responsible for creating or initializing its dependencies, but instead those dependencies are provided by external code (which can include a DI container). The advantage is that it allows for greater code flexibility, better readability, and easier application testing because dependencies are easily replaceable and isolated from other parts of the code. For more information, see What is Dependency Injection?

Dependency Injection Container

A Dependency Injection container (also DI container or IoC container) is a tool that handles the creation and management of dependencies in an application (or services). A container usually has a configuration that defines what classes are dependent on other classes, what specific dependency implementations to use, and how to create those dependencies. The container then creates these objects and provides them to the classes that need them. For more information, see What is a DI container?


Escaping is conversion of characters with special meaning in given context to another equivalent sequences. Example: We want to write quotes into quotes-enclosed string. Because quotes have special meaning in context of the quotes-enclosed string, there is a need to use another equivalent sequence. Concrete sequence is determined by the context rules (e.g. \" in PHP's quotes-enclosed string, " in HTML attributes etc.).

Filter (Formerly Helper)

Filter function. In templates, filter is a function, that helps to alter or format data to the output form. Templates have several standard filters predefined.


Notice of a snippet to rerender. In other context also clearing of a cache.


Data exchange format based on JavaScript syntax (it's its subset). Exact specification can be found at


Reusable part of an application. It can be a visual part of a page, as described in the components chapter, or the term can also stand for the class Component (such a component doesn't have to be visual).

Control Characters

Control characters are invisible characters, that can occur in a text and eventually to cause some problems. For their bulk removal from files, you can use Code Checker, for their removal from a variable use function Strings::normalize().


An event is an expected situation in the object, which when it occurs, the so-called handlers are called, i.e. callbacks reacting to the event (sample). The event can be for example form submission, user login, etc. Events are thus a form of Inversion of Control.

For example, a user login occurs in the Nette\Security\User::login() method. The User object has a public variable $onLoggedIn, which is an array to which anyone can add a callback. As soon as the user logs in, the login() method calls all callbacks in the array. The name of a variable in the form onXyz is a convention used throughout Nette.


One of the most innovative templating systems ever.


Model represents data and function basis of the whole application. It includes the whole application logic (sometimes also referred to as a “business logic”). It's the M of MVC or MPV. Any user action (loging in, putting stuff to basket, change of a database value) represents an action of the model.

Model manages its inner state and provides a public interface. By calling of this interface we can take or change its state. Model doesn't know about an existence of view or controller, model is totally independent on them.


Software architecture, that emerged in GUI applications development to separate the code for the flow control (controller) from the code of the application logic (model) and from the data rendering code (view). That way the code is better understandable, it eases the future development and it allows to test separate parts separately.


Architecture based on Model-View-Controller.


Module in Nette Framework represents a collection of presenters and templates, eventually also components and models, that serve data to a presenter. So it is certain logical part of an application.

For example, an e-shop can have three modules:

  1. Product catalogue with basket.
  2. Administration for the customer.
  3. Administration for the shopkeeper.


Namespace is a feature of the PHP language from its version 5.3 and some other programming languages as well. It helps to avoid names collisions (e.g. two classes with the same name) when using different libraries together. See PHP documentation for further detail.


Presenter is an object, that takes the request as translated by the router from the HTTP request and generates a response. Response can be an HTML page, picture, XML document, file, JSON, redirect or whatever you think of.

By a presenter it is usually meant an descendant of the Nette\Application\UI\Presenter class. By requests it runs appropriate actions and renders templates.


Bi-directional translator between HTTP request / URL and presenter action. Bi-directional means, that it's not only possible to derive a presenter action from the HTTP request, but also to generate appropriate URL for an action. See more in the chapter about URL routing.

SameSite cookies provide a mechanism to recognize what led to the page load. It can have three values: Lax, Strict and None (the latter requires HTTPS). If the request to the page comes directly from the site or the user opens the page by typing directly into the address bar or clicking on a bookmark, the browser sends all cookies to the server (i.e. with the flags Lax, Strict and None). If the user clicks on the site via a link from another site, cookies with the Lax and None flags are passed to the server. If the request is made by other means, such as submitting a POST form from another site, loading inside an iframe, using JavaScript, etc., only cookies with the None flag are sent.


In the context of Dependency Injection, a service refers to an object that is created and managed by a DI container. A service can easily be replaced by another implementation, for example for testing purposes or to change the behavior of an application, without having to modify the code that uses the service.


Snippet of a page, that can be separately re-rendered during an AJAX request.


View is a layer of application, that is responsible for request results rendering. Usually it uses a templating system and it knows, how to render its components or results taken from the model.

version: 4.0