Dompurify 2.3.3 vs sanitize-html
(version: 0)
Comparing performance of: DOMPurify vs Sanitize HTML
Created: 4 years ago by: Guest
HTML Preparation code:

```html
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
```
Tests:

DOMPurify

```javascript
// Input mixes benign markup with a javascript: link and an onerror handler.
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;
const result = DOMPurify.sanitize(testString);
```

Sanitize HTML

```javascript
// Same input, passed to sanitize-html with its default options.
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;
const result = sanitizeHtml(testString);
```
Latest run results: No previous run results. This benchmark does not have any results yet.
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):
Let's break down the provided JSON benchmark and explain what is tested, compared, and some pros/cons of different approaches.

**Benchmark Overview**

The benchmark compares two HTML sanitization libraries: `DOMPurify` (version 2.3.3) and `sanitize-html` (version 1.27.5).

**Script Preparation Code**

The script preparation code includes links to the required JavaScript files for both libraries:

* `sanitize-html`: `https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js`
* `DOMPurify`: `https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js`

**Individual Test Cases**

There are two test cases:

### Test Case 1: DOMPurify

The benchmark definition for this test case is:

```javascript
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString);
```

This test case uses the `DOMPurify` library to sanitize a malicious HTML string. The input string contains:

* A `<b>` tag with a closing `</b>` tag
* An `<a>` tag with a `href` attribute that executes a JavaScript alert
* An `<img>` tag with an `src` attribute set to `x`, which is a deliberate invalid value, and an `onerror` event handler that logs a message to the console

The test case checks how quickly the `DOMPurify.sanitize()` method can process this malicious input.

### Test Case 2: Sanitize HTML

The benchmark definition for this test case is:

```javascript
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = sanitizeHtml(testString);
```

This test case uses the `sanitize-html` library to sanitize the same malicious HTML string. The input string is identical to the previous test case.

**Pros and Cons of Different Approaches**

Both libraries aim to remove malicious characters from the input HTML string, preventing XSS attacks. Here are some pros and cons of each approach:

* **DOMPurify**:
  Pros:
  + Easy to use: simply pass the input HTML string to `DOMPurify.sanitize()`
  + Fast: optimized for performance

  Cons:
  + May not handle all edge cases (e.g., nested tags, complex attribute values)
  + Can be less accurate than other libraries in detecting certain types of attacks
* **sanitize-html**:
  Pros:
  + More comprehensive: handles a wide range of HTML elements and attributes
  + More accurate: detects more complex attacks and edge cases

  Cons:
  + May be slower than DOMPurify due to its more extensive sanitization logic
  + Requires more configuration options

**Other Considerations**

* **Library Purpose**: Both libraries are designed to sanitize HTML input, preventing cross-site scripting (XSS) attacks. However, they differ in their approach and accuracy.
* **Special JS Feature**: None mentioned explicitly.

**Alternatives**

If you're looking for alternative HTML sanitization libraries, consider:

* `html-minifier`: a fast and lightweight library that minimizes HTML while removing malicious characters
* `js-sanitizer`: a more comprehensive library that detects a wide range of attacks and offers customization options

Keep in mind that each library has its strengths and weaknesses, and the choice ultimately depends on your specific requirements and performance needs.
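The benchmark times both sanitizers but never inspects `result`. As an added example (not part of the benchmark or of either library), the check below scans a sanitizer's output string for the two constructs present in the test input, `on*` handler attributes and `javascript:` URLs; `findResidualRisks`, `decodeRefs` and the sample output string are names and data constructed for this illustration.

```javascript
// Added example: a post-sanitization check for a test harness. It is not a sanitizer.
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "xlink:href"]);
const BLOCKED_TAGS = new Set(["script", "iframe", "object", "embed"]);
// Start tag; quoted attribute values may contain '>'.
const TAG_RE = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// name, name=value, name="value" or name='value'.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>`]+)))?/g;
const NAMED = { colon: ":", tab: "\t", newline: "\n" };

// Decode numeric character references and the three named ones that matter
// for scheme detection (matched case-insensitively, which only over-reports).
function decodeRefs(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(colon|tab|newline));?/gi, (m, hex, dec, name) => {
    if (name) return NAMED[name.toLowerCase()];
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

function findResidualRisks(html) {
  const findings = [];
  for (const [, rawTag, attrText] of html.matchAll(TAG_RE)) {
    const tag = rawTag.toLowerCase();
    if (BLOCKED_TAGS.has(tag)) findings.push(`${tag}: blocked element`);
    for (const m of attrText.matchAll(ATTR_RE)) {
      const name = m[1].toLowerCase();
      const value = decodeRefs(m[2] ?? m[3] ?? m[4] ?? "");
      if (name.startsWith("on")) {
        findings.push(`${tag}: event handler ${name}`);
      } else if (URL_ATTRS.has(name)) {
        // Strip everything up to U+0020 before comparing: URL parsing ignores leading
        // control characters and embedded tabs/newlines. This can only over-report.
        const url = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
        if (url.startsWith("javascript:")) findings.push(`${tag}: javascript: URL in ${name}`);
      }
    }
  }
  return findings;
}

// The benchmark's input, and a constructed string standing in for sanitizer output.
const benchmarkInput = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;
const constructedCleanOutput = `<b>Welcome to safeland</b><br>\n<a>This is fun</a><br>\n<img src="x">`;

console.log(findResidualRisks(benchmarkInput));
console.log(findResidualRisks(constructedCleanOutput));
```

In a benchmark or unit test, call `findResidualRisks(result)` after each sanitizer run and fail the case if the returned list is not empty.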