Dompurify vs sanitize-html latest
(version: 0)
Comparing performance of:
DOMPurify vs Sanitize HTML
Created: 3 years ago by: Guest
HTML Preparation code:
<script src="https://cdn.jsdelivr.net/npm/sanitize-html@1/dist/sanitize-html.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/dompurify/dist/purify.min.js"></script>
Tests:
DOMPurify
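// Test input: benign markup plus a javascript: URL and an inline onerror handler
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;
// Sanitize with DOMPurify's default configuration
const result = DOMPurify.sanitize(testString);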
Sanitize HTML
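// Test input: benign markup plus a javascript: URL and an inline onerror handler
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;
// Sanitize with sanitize-html's default options
const result = sanitizeHtml(testString);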
Latest run results:
Run details:
(Test run date: 6 months ago)
User agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Edg/142.0.0.0
Browser/OS:
Chrome 142 on Windows
Test name: Executions per second
DOMPurify: 18118.4 Ops/sec
Sanitize HTML: 105385.1 Ops/sec
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):
Let's dive into the benchmark and explain what's being tested.

**Benchmark Overview**

The benchmark is designed to compare two JavaScript libraries: DOMPurify and sanitize-html. Both libraries are used to sanitize HTML strings, which means they remove or escape malicious code from user-inputted data to prevent XSS (Cross-Site Scripting) attacks.

**Options Compared**

The benchmark tests the performance of both libraries on a specific input string that contains various types of HTML tags and attributes, including:

* `<b>` and `<br>` tags
* An `<a>` tag with a `href` attribute that uses JavaScript code (`javascript:alert(1)`)
* An `<img>` tag with a `src` attribute set to "x" (which will trigger an error) and an `onerror` event handler that logs a message to the console

**Library Descriptions**

1. **DOMPurify**: DOMPurify is a lightweight JavaScript library developed by Mozilla. It's designed to sanitize HTML strings by removing or escaping malicious code, such as script tags and inline styles. DOMPurify is often used in web applications that handle user-inputted data.
2. **sanitize-html**: sanitize-html is another popular JavaScript library for sanitizing HTML strings. It provides a more comprehensive set of features than DOMPurify, including support for custom sanitizer functions.

**Pros and Cons**

* **DOMPurify**:
  + Pros: Lightweight, easy to use, and well-maintained.
  + Cons: May not provide the same level of customization as sanitize-html.
* **sanitize-html**:
  + Pros: Provides more features and flexibility than DOMPurify, including custom sanitizer functions.
  + Cons: Heavier and potentially slower than DOMPurify.

**Other Considerations**

When choosing a library for sanitizing HTML strings, consider factors such as:

* Performance: Both libraries are optimized for speed, but sanitize-html may have a slight performance advantage due to its more comprehensive feature set.
* Customization: If you need to customize the sanitization process or support specific use cases, sanitize-html might be a better choice.
* Complexity: DOMPurify is generally considered easier to use and understand, while sanitize-html has a steeper learning curve.

**Special JS Features**

The benchmark does not mention any special JavaScript features or syntax. The input strings and library functions are straightforward and do not rely on advanced JavaScript features.

**Alternatives**

If you're looking for alternative libraries for sanitizing HTML strings, consider:

* **js-sanitize**: A lightweight JavaScript library that provides a simple and easy-to-use API.
* **DOMPurify alternatives**: There are several other DOMPurify-like libraries available, such as **sanitize-html**'s own `purify` function or **html-minifier**, which is a separate project focused on minimizing HTML strings.

I hope this explanation helps you understand the benchmark and choose the right library for your use case!