Toggle navigation
MeasureThat.net
Create a benchmark
Tools
Feedback
FAQ
Register
Log In
sanitize-html
(version: 0)
Comparing performance of:
DOMPurify vs sanitize-html
Created:
3 years ago
by:
Registered User
Jump to the latest result
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.1/purify.min.js" integrity="sha512-uHOKtSfJWScGmyyFr2O2+efpDx2nhwHU2v7MVeptzZoiC7bdF6Ny/CmZhN2AwIK1oCFiVQQ5DA/L9FSzyPNu6Q==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
Tests:
DOMPurify
const testString = ` <b>Welcome to safeland</b><br> <a href='javascript:alert(1)'>This is fun</a><br> <img src=x onerror=console.log(1)> ` const result = DOMPurify.sanitize(testString)
sanitize-html
const testString = ` <b>Welcome to safeland</b><br> <a href='javascript:alert(1)'>This is fun</a><br> <img src=x onerror=console.log(1)> ` const result = sanitizeHtml(testString)
Rendered benchmark preparation results:
Suite status:
<idle, ready to run>
Run tests (2)
Previous results
Fork
Test case name
Result
DOMPurify
sanitize-html
Fastest:
N/A
Slowest:
N/A
Latest run results:
Run details:
(Test run date:
one year ago
)
User agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Browser/OS:
Chrome 128 on Mac OS X 10.15.7
View result in a separate tab
Embed
Embed Benchmark Result
<iframe src="https://measurethat.net/Embed?id=574322" width="100%" height="500px"></iframe>
Test name
Executions per second
DOMPurify
39120.6 Ops/sec
sanitize-html
119756.0 Ops/sec
Autogenerated LLM Summary
(model
llama3.2:3b
, generated one year ago):
**Benchmark Overview** The MeasureThat.net website provides a platform for users to create and run JavaScript microbenchmarks, allowing them to compare the performance of different libraries and approaches in sanitizing user-inputted HTML. **Script Preparation Code and Html Preparation Code** The benchmark uses two libraries: `sanitize-html` and `DOMPurify`. The script preparation code includes the URLs of these libraries, which are loaded asynchronously. The html preparation code contains a sample input string with malicious elements (e.g., `<b>`, `<a>`, and `<img>` tags) that will be sanitized. **Options Compared** The benchmark compares two approaches: 1. **`sanitize-html`**: This library is used to sanitize the HTML input string. 2. **`DOMPurify`**: This library is also used to sanitize the HTML input string, but with a different approach. **Pros and Cons of Each Approach** **`sanitize-html`:** Pros: * Optimized for performance * Handles edge cases well * Supports custom sanitizers Cons: * Limited support for certain HTML elements (e.g., `<script>` tags) * Can be more complex to configure **`DOMPurify`:** Pros: * Easy to use and configure * Handles a wide range of HTML elements * Supports custom whitelists and blacklists Cons: * May have performance overhead due to its approach * Limited control over configuration options **Library Descriptions** 1. **`sanitize-html`**: A fast and efficient library for sanitizing user-inputted HTML. It uses a whitelist-based approach, which filters out malicious elements from the input string. 2. **`DOMPurify`**: A popular library for sanitizing HTML strings. It uses a more aggressive approach, removing any element that is not explicitly allowed in the configuration. **Special JS Feature/Syntax** There is no special JavaScript feature or syntax used in this benchmark. **Other Alternatives** Some other libraries and approaches used for sanitizing user-inputted HTML include: * `HTML Sanitizer` by Mozilla: A more aggressive sanitizer that removes a wide range of malicious elements. * `DOMSanitizer` by Google Chrome: A powerful sanitizer that uses a combination of whitelisting and blacklisting to sanitize HTML strings. In summary, the benchmark compares two popular libraries for sanitizing user-inputted HTML: `sanitize-html` and `DOMPurify`. The choice between these libraries depends on performance requirements, configuration complexity, and the need for custom sanitization options.
Related benchmarks:
Dompurify vs sanitize-html
Dompurify 2.3.3 vs sanitize-html
Dompurify vs sanitize-html 3
Dompurify vs sanitize-html (2024-03-16)
Comments
Confirm delete:
Do you really want to delete benchmark?