HtmlSanitizer vs DOMPurifier (version: 2)
Comparing performance of: HtmlSanitizer vs DOMPurify
Created: 3 years ago by: Registered User
HTML Preparation code:
<script src="https://cdn.jsdelivr.net/gh/cure53/DOMPurify/dist/purify.js"></script>
<script src="https://unpkg.com/@jitbit/htmlsanitizer@latest/HtmlSanitizer.js"></script>
Script Preparation code:
window.testcontent = `<form id="action_online_form" method="post" action="./../adm/index.php?i=acp_main&sid=534a8e9c03d8251f56daeb0d857cc062&mode=main" data-ajax="true"> <dl> <dt><label for="action_online">Vynulovat rekord uživatelů online</label><br><span class="responsive-hide"> </span></dt> <dd><input type="hidden" name="action" value="online"><input class="button2" type="submit" id="action_online" name="action_online" value="Spustit nyní"></dd> </dl> </form>`
Tests:
HtmlSanitizer
var html1 = HtmlSanitizer.SanitizeHtml(window.testcontent);
DOMPurify
var html2 = DOMPurify.sanitize(window.testcontent, {ALLOWED_TAGS: ['b']});
Latest run results:
Run details: (Test run date: 26 days ago)
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Browser/OS: Firefox 140 on Linux
| Test name | Executions per second |
| --- | --- |
| HtmlSanitizer | 5120.7 Ops/sec |
| DOMPurify | 1789.7 Ops/sec |
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

**Benchmark Overview**

MeasureThat.net is a website that allows users to create and run JavaScript microbenchmarks, specifically focusing on HTML sanitization using two popular libraries: DOMPurify and HtmlSanitizer.

**Tested Options**

The benchmark compares the performance of DOMPurify and HtmlSanitizer in sanitizing user input HTML. The options being tested are:

1. **DOMPurify**: A library developed by Curtis Childress that uses a whitelist approach to sanitize HTML, allowing specific tags and attributes while blocking others.
2. **HtmlSanitizer**: An alternative HTML sanitizer library that uses a combination of heuristics and whitelist approaches to detect and remove malicious code.

**Pros and Cons**

### DOMPurify

Pros:

* Highly customizable through its configuration options (e.g., `ALLOWED_TAGS`, `ALLOWED_ATTRS`)
* Supports multiple input formats, including HTML, text, and JSON
* Can be used for general-purpose HTML sanitization

Cons:

* May have higher overhead due to its complex heuristics and regular expressions
* Requires manual tuning of configuration options to achieve optimal performance

### HtmlSanitizer

Pros:

* Simpler and more lightweight compared to DOMPurify
* Provides a more straightforward configuration model through its API
* Still highly customizable with optional flags (e.g., `allowTags`, `allowAttributes`)

Cons:

* May not be as robust or comprehensive as DOMPurify's heuristics
* Less flexible in terms of supported input formats

**Library Description**

1. **DOMPurify**: Developed by Curtis Childress, DOMPurify is a popular and widely-used library for HTML sanitization. Its core philosophy revolves around using a whitelist approach to detect malicious code, allowing specific tags and attributes while blocking others.
2. **HtmlSanitizer**: HtmlSanitizer is an alternative HTML sanitizer library that aims to provide a more streamlined experience compared to DOMPurify. Its API offers optional flags to control the sanitization process, making it easier to customize for specific use cases.

**Special JS Features or Syntax**

None mentioned in the provided benchmark definition. However, keep in mind that JavaScript features like async/await, Promises, and Web Workers can impact benchmark performance.

**Alternatives**

For HTML sanitization, other alternatives include:

1. **JS Sanitizer**: A lightweight library offering a basic sanitization approach.
2. **HTML Saver**: A small library focused on saving the user's input as a sanitized string.
3. **DOMSaver**: Another lightweight library aimed at saving and sanitizing HTML elements.

Please note that the performance differences between these alternatives may vary depending on specific use cases and requirements.

In summary, the benchmark provides an excellent opportunity to compare two widely-used libraries for HTML sanitization: DOMPurify and HtmlSanitizer. By understanding their approaches, pros, and cons, developers can choose the best library for their needs and optimize performance accordingly.