MeasureThat.net
nothing vs sanitize-html (version: 0)
Comparing performance of: Nothing vs Sanitize HTML
Created: 2 years ago by: Guest
HTML Preparation code:

```html
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script>
```

Tests:

Nothing

```javascript
// Baseline: the string is assigned unchanged, with no sanitization step.
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = testString
console.log(result)
```

Sanitize HTML

```javascript
// Same input, passed through sanitizeHtml (from the script loaded in the
// HTML preparation code) with no options argument.
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = sanitizeHtml(testString)
console.log(result)
```
Latest run results:
Run details: (Test run date: 2 years ago)
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15
Browser/OS: Safari 16 on Mac OS X 10.15.7

| Test name | Executions per second |
| --- | --- |
| Nothing | 1010290.0 Ops/sec |
| Sanitize HTML | 154745.1 Ops/sec |

Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

Let's break down the provided benchmark definition and test cases.

**What is being tested?**

The benchmark measures the performance difference between two approaches:

1. **Nothing**: This approach allows user-generated code to run without any sanitization or safety checks. The goal is to evaluate how quickly a browser can execute malicious code.
2. **Sanitize HTML**: This approach uses the `sanitize-html` library to remove harmful elements and attributes from the input code before execution.

**Options compared**

The two approaches differ in their treatment of user-generated code:

* **Nothing**: No safety checks or sanitization are applied, making it a high-risk scenario for potential security vulnerabilities.
* **Sanitize HTML**: The `sanitize-html` library is used to remove harmful elements and attributes from the input code, reducing the risk of security vulnerabilities.

**Pros and cons of each approach**

* **Nothing**:
  + Pros: None
  + Cons: Allows execution of malicious code, potentially leading to security breaches.
* **Sanitize HTML**:
  + Pros:
    - Reduces the risk of security vulnerabilities by removing harmful elements and attributes.
    - Provides a safer testing environment for user-generated code.
  + Cons:
    - May introduce performance overhead due to the added sanitization step.

**Library: sanitize-html**

The `sanitize-html` library is used to sanitize user-generated HTML code. Its purpose is to remove or escape malicious elements and attributes, making it more difficult for attackers to inject harmful code into the browser.

**Special JS feature/syntax**

There are no special JavaScript features or syntax mentioned in the benchmark definition. However, some browsers may have specific security features or settings that could affect the results.

**Other alternatives**

While `sanitize-html` is the library used in this benchmark, there are other libraries and approaches available for sanitizing user-generated HTML code, such as:

* **DOMPurify**: Another popular library for sanitizing user-generated content.
* **HTML Purifier**: A PHP-based library specifically designed for sanitizing user-generated HTML.

Keep in mind that the choice of sanitizer may impact performance and security considerations.