Toggle navigation
MeasureThat.net
Create a benchmark
Tools
Feedback
FAQ
Register
Log In
dompurify vs js-xss simple
(version: 0)
Comparing performance of:
dompurify vs js-xss
Created:
5 years ago
by:
Guest
Jump to the latest result
HTML Preparation code:
<script src="https://cdn.jsdelivr.net/gh/cure53/DOMPurify/dist/purify.js"></script> <script src="https://cdn.jsdelivr.net/gh/gbirke/Sanitize.js/lib/sanitize.js"></script> <script src="https://cdn.jsdelivr.net/npm/xss@1.0.6/dist/xss.js"></script>
Script Preparation code:
window.testcontent = `<form id="action_online_form" method="post" action="./../adm/index.php?i=acp_main&sid=534a8e9c03d8251f56daeb0d857cc062&mode=main" data-ajax="true"> <dl> <dt><label for="action_online">Vynulovat rekord uživatelů online</label><br><span class="responsive-hide"> </span></dt> <dd><input type="hidden" name="action" value="online"><input class="button2" type="submit" id="action_online" name="action_online" value="Spustit nyní"></dd> </dl> </form>`
Tests:
dompurify
var frag = document.createDocumentFragment(); frag.innerHTML = DOMPurify.sanitize(window.testcontent); document.appendChild(frag);
js-xss
var frag = document.createDocumentFragment(); frag.innerHTML = filterXSS(window.testcontent); document.appendChild(frag);
Rendered benchmark preparation results:
Suite status:
<idle, ready to run>
Run tests (2)
Previous results
Fork
Test case name
Result
dompurify
js-xss
Fastest:
N/A
Slowest:
N/A
Latest run results:
Run details:
(Test run date:
one year ago
)
User agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Browser/OS:
Chrome 127 on Mac OS X 10.15.7
View result in a separate tab
Embed
Embed Benchmark Result
<iframe src="https://measurethat.net/Embed?id=555983" width="100%" height="500px"></iframe>
Test name
Executions per second
dompurify
10279.0 Ops/sec
js-xss
148063.8 Ops/sec
Autogenerated LLM Summary
(model
llama3.2:3b
, generated one year ago):
Let's break down the provided benchmark and explain what's being tested, compared, and the pros and cons of each approach. **What is being tested?** The provided benchmark tests two JavaScript libraries: DOMPurify and js-xss. Both libraries are used to sanitize HTML input to prevent cross-site scripting (XSS) attacks. **Options being compared:** 1. **DOMPurify**: A popular library for sanitizing HTML and XML content. 2. **js-xss**: Another library specifically designed for XSS prevention, also known as Sanitize.js. **Pros and Cons of each approach:** **DOMPurify:** Pros: * Widely used and well-established library with a large community. * Supports multiple input types (HTML, XML, JSON). * Can be configured to relax or strict sanitize rules. Cons: * May have performance overhead due to its feature-rich nature. * Requires manual configuration for certain use cases. **js-xss:** Pros: * Lightweight and optimized for performance. * Easy to integrate and configure. * Supports basic XSS prevention with minimal configuration. Cons: * Less widely used compared to DOMPurify, which might affect community support. * May not provide the same level of customization as DOMPurify. **Other considerations:** 1. **Sanitize.js**: Although not explicitly mentioned in the benchmark, Sanitize.js (also known as js-xss) is a popular alternative for XSS prevention. Its lightweight nature makes it suitable for high-performance applications. 2. **Custom implementation**: If you're willing to invest time and effort, creating your own custom sanitizer can provide optimal performance and control. However, this approach requires significant expertise in HTML parsing and sanitization. **Library descriptions:** 1. **DOMPurify**: A JavaScript library that sanitizes HTML content by removing malicious attributes and tags. It's designed to prevent XSS attacks by converting potentially malicious input into a safer format. 2. **js-xss (Sanitize.js)**: A lightweight JavaScript library specifically designed for XSS prevention. It sanitizes HTML content by removing malicious attributes, tags, and values. **Special JS feature or syntax:** The benchmark uses the `document.createDocumentFragment()` method to create a document fragment for each test case. This method allows us to append sanitized HTML content to the DOM without causing layout issues. If you have any further questions or would like more information on these libraries or their usage, feel free to ask!
Related benchmarks:
Dompurify 2.3.3 vs sanitize-html 1.27.5 vs Js-XSS Latest (Test #1)
HtmlSanitizer vs DOMPurifier
Dompurify vs js-xss | 84322342341
Dompurify vs js-xss | 28052024
Comments
Confirm delete:
Do you really want to delete benchmark?