At Box, we've been using Smarty for a wide range of jobs. It has become a core part of our web application, as we render millions of pages with it every day. Box engineers have leveraged Smarty across a wide range of infrastructure services including: testing tools, linting support, code generation, and more. And hundreds, if not thousands, of development and maintenance hours have been saved by the conveniences that Smarty offers.
Box has strict security requirements and there were places where Smarty 3 left us wanting a bit more freedom to enable stronger security defaults. Smarty also faced some performance challenges when addressing large or complex pages and the code quality of the library is waning as the project ages. We wanted to keep Smarty's best features but make templating safer, faster, and cleaner, and make it easier to do "the right thing" out of the box.
Enter Brainy (a fork of Smarty 3). Announced at our Open Source Open House, Brainy is the result of our efforts to advance Smarty 3. On the Box Performance team, we're always looking for ways to get faster and better. With Brainy, we've seen over a 100ms increase in performance across the board, and in some areas there are even greater increases. In terms of security, we've ensured that you cannot run PHP in Brainy, and security features like output sanitization enforcement have been added. We've also included Strict Mode, a new operating mode that prevents developers from using anti-patterns in their template code. The result is safer, highly-optimizable code and improved support for HHVM.
What's next? We have plans to compile templates to Hack, provide support for rendering templates asynchronously, and offer even greater safety and performance.
Brainy is available now! github.com/box/brainy