Dompurify vs fn that returns string (version: 0)
Comparing performance of: DOMPurify vs Sanitize HTML
Created: 2 years ago by: Guest
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.2.7/purify.min.js"></script>
Tests:
DOMPurify
const testString = `
https://www.google.com
`
const result = DOMPurify.sanitize(testString)
Sanitize HTML
const testString = ` <b>Welcome to safeland</b><br> <a href='javascript:alert(1)'>This is fun</a><br> <img src=x onerror=console.log(1)> `
Latest run results:
No previous run results
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

**Overview of the Benchmark**

The provided JSON represents a JavaScript microbenchmarking test on the MeasureThat.net website. The benchmark measures the performance difference between two approaches: using DOMPurify, a library for sanitizing HTML and removing malicious code, and a function that returns a sanitized string.

**Test Cases**

There are two test cases:

1. **DOMPurify**: This test case uses the `DOMPurify.sanitize()` method to sanitize an HTML string containing nested tags (e.g., `<b>`, `<img>`). The input string is created using a template literal (`\r\nhttps://www.google.com\r\n`) and includes some malicious code (e.g., `<img src=x onerror=console.log(1)>`).
2. **Sanitize HTML**: This test case uses a function that returns a sanitized string without the use of any external libraries like DOMPurify.

**Options Compared**

The two options compared are:

* **DOMPurify**: A library for sanitizing HTML and removing malicious code.
  + Pros:
    - Provides a robust and reliable way to sanitize HTML, handling various edge cases and security concerns.
    - Can be used with multiple browsers and platforms.
  + Cons:
    - May introduce additional overhead due to its functionality and configuration options.
    - Requires external dependency (the DOMPurify library).
* **Manual Sanitization**: A function that returns a sanitized string without using any external libraries like DOMPurify.
  + Pros:
    - Does not introduce any external dependencies, reducing overhead.
    - Can be highly optimized for performance, as it only performs the necessary sanitization steps.
  + Cons:
    - Requires manual implementation of sanitization logic, which can be error-prone and time-consuming to maintain.
    - May not handle all edge cases and security concerns.

**Library: DOMPurify**

DOMPurify is a popular JavaScript library for sanitizing HTML and removing malicious code. Its purpose is to:

* Remove disallowed tags, attributes, and content from an input string.
* Handle various edge cases, such as nested tags, comment blocks, and script elements.
* Support multiple browsers and platforms.

**Special JS Feature/Syntax:**

There are no special JavaScript features or syntax used in the test cases. The tests focus on comparing two approaches for sanitizing HTML strings.

**Other Alternatives**

If you need to sanitize HTML in your application, there are alternative libraries available:

* **DOMSanitizer**: A part of the Chrome team's DOM library, providing a more comprehensive way to sanitize and validate HTML.
* **html-minifier**: A lightweight JavaScript library that can be used to remove unnecessary whitespace and comments from an HTML string.
* **sanitize-html**: Another popular JavaScript library for sanitizing HTML, offering a robust set of features and configuration options.

Keep in mind that these alternatives may have different trade-offs and requirements compared to DOMPurify. Always evaluate the specific needs of your project before choosing a sanitization approach.
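The "error-prone manual sanitization" point above, as an added example that is not code from this benchmark or from DOMPurify: it runs the benchmark's own "Sanitize HTML" test string through a blocklist-style string function and through plain output encoding, then audits what survives. `naiveSanitize`, `escapeHtml`, `auditOutput` and `compare` are hypothetical names; DOMPurify is not invoked because it needs a DOM.

```javascript
// Constructed input: the benchmark's "Sanitize HTML" test string.
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`;

// Hypothetical hand-written sanitizer of the blocklist kind: removes <script> blocks only.
function naiveSanitize(html) {
  return html.replace(/<script\b[\s\S]*?<\/script\s*>/gi, "");
}

// Output encoding: appropriate when the value must render as text, not markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Heuristic audit for regression tests (not itself a sanitizer):
// reports active content still present in a sanitizer's output.
function auditOutput(html) {
  const findings = [];
  for (const tag of html.match(/<[a-z][^>]*>/gi) || []) {
    if (/^<script\b/i.test(tag)) findings.push({ kind: "script-tag", tag });
    if (/\son[a-z]+\s*=/i.test(tag)) findings.push({ kind: "event-handler", tag });
    if (/\s(?:href|src)\s*=\s*["']?\s*javascript:/i.test(tag)) {
      findings.push({ kind: "javascript-url", tag });
    }
  }
  return findings;
}

// Run both string functions over the same input and list what each leaves behind.
function compare(input) {
  return {
    naive: auditOutput(naiveSanitize(input)).map((f) => f.kind),
    escaped: auditOutput(escapeHtml(input)).map((f) => f.kind),
  };
}

console.log(compare(testString));
```

The same `auditOutput` check can be pointed at the output of any sanitizer under test in a browser, including `DOMPurify.sanitize(testString)`, as a regression guard.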