Dompurify 3.0.8, Sanitize
(version: 0)
Comparing performance of:
DOMPurify with IN_PLACE vs Sanitize HTML vs DOMPurify without IN_PLACE
Created: 2 years ago by: Guest
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.8/purify.min.js"></script>
Tests:
DOMPurify with IN_PLACE
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString,{IN_PLACE:true})
Sanitize HTML
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
DOMPurify without IN_PLACE
const testString = `
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString)
Latest run results:
Run details: (Test run date: 2 years ago)
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Browser/OS: Chrome 121 on Mac OS X 10.15.7
| Test name | Executions per second |
| --- | --- |
| DOMPurify with IN_PLACE | 26800.0 Ops/sec |
| Sanitize HTML | 152762720.0 Ops/sec |
| DOMPurify without IN_PLACE | 26744.2 Ops/sec |
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):
Let's dive into the world of JavaScript microbenchmarks on MeasureThat.net.

**Overview**

The provided benchmark is designed to compare the performance of two HTML sanitization libraries: DOMPurify and Sanitize. The test cases are used to measure the execution time, known as "ExecutionsPerSecond," for each library when cleaning up malicious user input.

**Test Cases**

There are three individual test cases:

1. **DOMPurify with IN_PLACE**: This test case uses the `IN_PLACE` option in the DOMPurify API to compare its performance with Sanitize.
2. **Sanitize HTML**: This test case simply passes a string containing malicious user input to the Sanitize API without any options.
3. **DOMPurify without IN_PLACE**: Similar to the previous test case, but without using the `IN_PLACE` option.

**Options Compared**

The main difference between these three test cases is the use of the `IN_PLACE` option in DOMPurify:

* **In-place sanitization** (IN_PLACE): This approach sanitizes the input string while modifying it directly. It's faster because it avoids creating a new, sanitized version of the input.
* **Non-in-place sanitization**: Without using the `IN_PLACE` option, DOMPurify creates a new, sanitized version of the input string.

**Pros and Cons**

Here are some pros and cons of each approach:

### In-Place Sanitization (IN_PLACE)

Pros:

* Faster execution time
* Uses less memory

Cons:

* Modifies the original input string, which may not be desirable in all cases
* May introduce additional complexity for error handling

### Non-In-Place Sanitization

Pros:

* Creates a new, sanitized version of the input string, leaving the original intact
* Easier to handle errors and maintain code organization

Cons:

* Slower execution time compared to in-place sanitization
* Uses more memory due to creating a new string

**Library Descriptions**

1. **DOMPurify**: A popular HTML sanitization library that uses a combination of regular expressions and parsing algorithms to remove malicious user input.
2. **Sanitize**: Another HTML sanitization library used in this benchmark, with an unknown implementation.

**Special JS Features or Syntax**

There are no special JavaScript features or syntaxes explicitly mentioned in the provided code. However, it's worth noting that both libraries use regular expressions and parsing algorithms to sanitize user input.

**Alternatives**

Some alternative HTML sanitization libraries you might want to explore include:

* **DOMPurify.js Alternatives**: Other implementations of DOMPurify or similar libraries.
* **Sanitize.js Alternatives**: Alternative libraries for sanitizing user input, such as **js-sanitize** or **html-sanitizer**.

Keep in mind that this is not an exhaustive list, and there are many other HTML sanitization libraries available, each with their own strengths and weaknesses.