Dompurify vs sanitize-html (version: 0)
Comparing performance of: DOMPurify vs Sanitize HTML
Created: 5 years ago by: Guest
HTML Preparation code:

```html
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.2.7/purify.min.js"></script>
```
Tests:

DOMPurify

```js
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString)
```

Sanitize HTML

```js
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = sanitizeHtml(testString)
```
Latest run results:

Run details (test run date: 4 months ago):
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
Browser/OS: Chrome 143 on Mac OS X 10.15.7

| Test name | Executions per second |
| --- | --- |
| DOMPurify | 50720.1 Ops/sec |
| Sanitize HTML | 189512.6 Ops/sec |

Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

**Benchmark Overview**

MeasureThat.net is a platform that allows users to create and run JavaScript microbenchmarks. The provided benchmark compares the performance of two popular libraries: DOMPurify and sanitize-html.

**Library Descriptions**

1. **DOMPurify**: DOMPurify is a library that helps remove malicious content from HTML strings, making it safer for consumption by web browsers. It provides a simple API to sanitize user-generated content.
2. **sanitize-html**: sanitize-html is another popular library for sanitizing HTML content. It offers more advanced features than DOMPurify, including support for custom whitelisting and blacklisting of tags, attributes, and values.

**Comparison of Options**

The benchmark compares the performance of two options:

1. **DOMPurify vs Sanitize HTML**: The two libraries have different approaches to sanitizing HTML content.
   * **DOMPurify**: Uses a simple, rules-based approach to remove malicious tags and attributes from the input string.
   * **Sanitize HTML**: Employs a more advanced approach that uses regular expressions and custom whitelisting/blacklisting to sanitize the input string.

**Pros and Cons of Each Approach**

1. **DOMPurify**:
   * Pros:
     + Simple, lightweight implementation
     + Fast execution times
   * Cons:
     + May not catch all malicious content (e.g., JavaScript injections)
2. **Sanitize HTML**:
   * Pros:
     + More comprehensive sanitization capabilities
     + Customizable whitelisting/blacklisting
   * Cons:
     + Heavier implementation compared to DOMPurify
     + May have slower execution times

**Special JS Features/Syntax**

In this benchmark, the test uses special JavaScript features/syntax:

1. **JavaScript:alert(1)**: Used in the `onerror` attribute of an image tag.
2. **\r\n**: Used to create a newline character in the input string.

**Other Considerations**

* The benchmark uses Chrome 129 as the test browser, which may affect the results due to its version-specific features and performance characteristics.
* The device platform is specified as Desktop, but the results are not explicitly verified for desktop vs. mobile devices.

**Alternatives**

If you're interested in exploring alternative libraries or approaches for sanitizing HTML content, some popular options include:

1. **Cheerio**: A lightweight jQuery-like library for parsing and manipulating HTML documents.
2. **DOMParser**: A native JavaScript API for parsing and transforming HTML documents.
3. **HTML Sanitizer by WAPForce**: Another commercial-grade HTML sanitizer that offers advanced features and customization options.

Note that the choice of library or approach depends on your specific use case, performance requirements, and level of control over sanitization logic.

Related benchmarks:
Dompurify 2.3.3 vs sanitize-html 1.27.5 vs Js-XSS Latest (Test #1)
Dompurify 2.3.3 vs sanitize-html
Dompurify vs sanitize-html 3
Dompurify vs sanitize-html (2024-03-16)