sanitize-html with escaping option vs lodash
(version: 0)
Comparing performance of: lodash vs sanitize-html
Created: 4 years ago by: Guest
HTML Preparation code:
<script src='https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js'></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js" integrity="sha512-1WdDeZGPykoWawFKD3NGJfZM+4hq2+OxUF8ZJrrqFBNU3J+Q5Tgvn+XwHNt8HaVs1MRFFlAgtOgyJr6/mqN/xw==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
Script Preparation code:
// lodash helper: decode the five entities _.unescape knows, then re-encode, so
// input that was already escaped once is not double-encoded.
var escape = title => _.escape(_.unescape(title));
// sanitize-html options: allow no tags, and escape disallowed tags instead of
// dropping them. (The original had the key misspelled as `allowedAttritbutes`,
// which sanitize-html silently ignores; the documented key is `allowedAttributes`.)
var option = {
  allowedTags: [],
  allowedAttributes: {},
  disallowedTagsMode: 'escape'
};
Tests:
lodash
console.log(escape("&ds;<"));
console.log(escape("<속보>"));
console.log(escape("<속보>"));
console.log(escape("<marquee></marquee>"));
console.log(escape("<marquee>속보</marquee>"));
console.log(escape("<marquee><속보></marquee>"));
console.log(escape("<b><속보></b>"));
console.log(escape("<b><속보></b>"));
sanitize-html
console.log(sanitizeHtml("&ds;<", option));
console.log(sanitizeHtml("<속보>", option));
console.log(sanitizeHtml("<속보>", option));
console.log(sanitizeHtml("<marquee></marquee>", option));
console.log(sanitizeHtml("<marquee>속보</marquee>", option));
console.log(sanitizeHtml("<marquee><속보></marquee>", option));
console.log(sanitizeHtml("<b><속보></b>", option));
console.log(sanitizeHtml("<b><속보></b>", option));
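The benchmark only prints the results, so it is hard to see what the lodash-based helper actually guarantees. The following is an added, dependency-free example (not code from the benchmark, lodash, or sanitize-html) that reimplements `escape = title => _.escape(_.unescape(title))` using the character set lodash 4 documents for `_.escape` and `_.unescape` (`& < > " '` and their five entities), runs the benchmark's own inputs plus two constructed ones through it, and checks that the output can no longer open a tag or break out of a quoted attribute. The sanitize-html side is deliberately not reimplemented here: with `allowedTags: []` and `disallowedTagsMode: 'escape'` it escapes tags it recognizes rather than dropping them, which is HTML-aware behaviour and not a plain text-context encoder.

```javascript
// Added example, not part of the MeasureThat.net benchmark or of lodash.
// Models the documented behaviour of lodash 4's _.escape / _.unescape.
const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const UNESCAPE_MAP = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };

// Equivalent of _.escape: encode the five characters that matter in a text node
// or a quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => ESCAPE_MAP[ch]);
}

// Equivalent of _.unescape: decode only those five named entities. Numeric
// references such as &#60; are intentionally left untouched, as in lodash.
function unescapeHtml(s) {
  return String(s).replace(/&(?:amp|lt|gt|quot|#39);/g, ent => UNESCAPE_MAP[ent]);
}

// Same composition as the benchmark's `escape` helper: decode first so that
// input which was already escaped once is not double-encoded, then encode.
function escapeNormalized(title) {
  return escapeHtml(unescapeHtml(title));
}

// Defender's check for a text context: no raw < > " ' may survive, and every
// remaining & must be the start of one of the five entities we emit.
function isSafeForTextContext(s) {
  return !/[<>"']/.test(s) && !/&(?!amp;|lt;|gt;|quot;|#39;)/.test(s);
}

// Constructed sample inputs: the benchmark's strings plus two edge cases.
const SAMPLE_INPUTS = [
  '&ds;<',                    // from the benchmark: invalid entity and a dangling <
  '<속보>',                   // from the benchmark: non-ASCII tag name
  '<marquee>속보</marquee>',  // from the benchmark
  '<b><속보></b>',            // from the benchmark
  '&lt;script&gt;',           // constructed: already escaped once; must not double-encode
  '&#60;script&#62;',         // constructed: numeric references lodash does not decode
];

// Runs every sample through the helper and records whether the result is safe.
function runSamples() {
  return SAMPLE_INPUTS.map(input => {
    const output = escapeNormalized(input);
    return { input, output, safe: isSafeForTextContext(output) };
  });
}

// Stand-alone usage: show the table the benchmark's console.log calls hide.
console.table(runSamples());
```

The two constructed inputs show why the benchmark composes `_.unescape` before `_.escape`: `&lt;script&gt;` comes back unchanged instead of as `&amp;lt;script&amp;gt;`, while `&#60;script&#62;` becomes `&amp;#60;script&amp;#62;`, which a browser renders literally and never as a tag. Either way the output contains no raw `<`, so this helper is a safe default whenever the value lands in a text node or quoted attribute; it is not a substitute for a sanitizer when some markup must be kept.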
Latest run results:
Run details (test run date: one year ago):
User agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Browser/OS:
Chrome 134 on Windows
Test name       Executions per second
lodash          10299.6 Ops/sec
sanitize-html   2488.3 Ops/sec
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

Let's dive into the world of JavaScript microbenchmarks! The provided JSON represents a benchmark test on MeasureThat.net, comparing the performance of two popular libraries: Sanitize HTML and Lodash.

**Sanitize HTML Library**

Sanitize HTML is a library that helps prevent cross-site scripting (XSS) attacks by sanitizing user-generated content. It removes malicious tags, attributes, and scripts from input data, ensuring that only allowed tags and attributes are rendered. In the provided JSON, Sanitize HTML is used in two modes:

* `allowedTagsMode`: This mode specifies which tags should be allowed in the output. In this case, no tags are specified, which means only escaped text will be produced.
* `disallowedTagsMode`: This mode specifies which tags should be disallowed or removed from the input data. The value `'escape'` indicates that all disallowed tags should be replaced with their corresponding HTML entities.

**Lodash Library**

Lodash is a utility library that provides a wide range of functions for working with arrays, objects, and strings. In this benchmark, Lodash is used in conjunction with Sanitize HTML to escape user-generated content. The `escape` function from Lodash takes a string as input and returns an escaped version of it. The `_.unescape` function is used to convert the escaped characters back to their original form.

**Options Comparison**

In both cases, options are compared:

* **Allowed tags**: Sanitize HTML allows no tags by default.
* **Allowed attributes**: No attributes are specified in this benchmark.
* **Disallowed tags mode**: Sanitize HTML uses `'escape'` disallowed tags mode to replace all disallowed tags with their corresponding HTML entities.

**Pros and Cons**

Here's a brief analysis of the pros and cons for each approach:

* **Sanitize HTML (with `allowedTagsMode`)**:
  * Pros: Simple, no unnecessary escaping, good for preventing XSS attacks.
  * Cons: Might require more manual configuration, less flexible than other approaches.
* **Lodash (with `escape` function)**:
  * Pros: More flexible, can be used with other libraries, easy to use and understand.
  * Cons: May not be as efficient as Sanitize HTML for large datasets, requires additional library.

**Other Considerations**

When working with user-generated content, it's essential to consider the following:

* **Input validation**: Always validate user input to prevent XSS attacks.
* **Output encoding**: Use libraries like Sanitize HTML or Lodash to ensure that output is properly encoded and escaped.
* **Security best practices**: Follow security best practices, such as using HTTPS and validating user input, to minimize the risk of XSS attacks.

**Alternatives**

If you're looking for alternative approaches:

* **DOMPurify**: A library that helps prevent XSS attacks by sanitizing user-generated content.
* **DOMSandbox**: A library that creates a sandboxed environment to execute user-generated content safely.
* **Content Security Policy (CSP)**: A security feature that allows you to define which sources of content are allowed to be executed within a web page.

In conclusion, this benchmark test helps compare the performance and effectiveness of two popular libraries for sanitizing user-generated content. By understanding the pros and cons of each approach, developers can make informed decisions about how to protect their applications from XSS attacks.