Dompurify vs sanitize-html (2024-03-16)
(version: 0)
Comparing performance of: DOMPurify vs Sanitize HTML
Created: 2 years ago by: Guest
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.9/purify.min.js"></script>
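Tests:
DOMPurify
// Test input: benign markup plus a javascript: URL and an inline onerror handler
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
// Sanitize with DOMPurify's default configuration
const result = DOMPurify.sanitize(testString)
Sanitize HTML
// Same test input as the DOMPurify case
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
// Sanitize with sanitize-html's default options
const result = sanitizeHtml(testString)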
Latest run results:
Run details: (Test run date: 2 years ago)
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
Browser/OS: Safari 17 on Mac OS X 10.15.7
Test name: Executions per second
DOMPurify: 40986.0 Ops/sec
Sanitize HTML: 191538.1 Ops/sec
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):

Let's break down the benchmark and explain what's being tested.

**Benchmark Overview**

The benchmark is comparing two HTML sanitization libraries: `sanitize-html` (also known as Sanitize HTML) and `DOMPurify`. The goal is to measure which library performs better in terms of speed.

**Options Compared**

There are only two options being compared:

1. **Sanitize HTML**: This library is used for sanitizing user-inputted HTML strings to prevent XSS (Cross-Site Scripting) attacks.
2. **DOMPurify**: This library is also used for sanitizing user-inputted HTML strings, but it has additional features such as detecting and removing specific types of tags.

**Pros and Cons**

Here are the pros and cons of each approach:

**Sanitize HTML:**

Pros:

* Simple and lightweight
* Easy to use
* Fast

Cons:

* May not detect all possible XSS attacks
* Does not provide detailed information about the sanitized HTML

**DOMPurify:**

Pros:

* More comprehensive security features (e.g., detects and removes specific types of tags)
* Provides detailed information about the sanitized HTML

Cons:

* Larger and heavier than Sanitize HTML
* More complex to use

**Other Considerations**

Both libraries are designed to work with JavaScript, but they have different implementation details. For example, DOMPurify uses a more aggressive approach to sanitizing HTML, which may impact performance.

**Library Used in Test Case**

In the test case, both `sanitize-html` and `DOMPurify` libraries are used. The Sanitize HTML library is included in the HTML preparation code, while the DOMPurify library is referenced in the JavaScript preparation code using a script tag.

**Special JS Feature or Syntax**

The test cases use a special syntax to create a malicious HTML string that exploits vulnerabilities in the sanitization process. This is done to simulate real-world XSS attacks and measure which library can handle them better.

In summary, this benchmark compares two popular HTML sanitization libraries: Sanitize HTML and DOMPurify. The results provide insights into which library performs better in terms of speed and security features.

**Other Alternatives**

If you're interested in exploring alternative options, here are a few notable ones:

1. **HTML-Parse**: A lightweight JavaScript library for parsing and sanitizing HTML.
2. **js-xss**: A simple JavaScript library for detecting and preventing XSS attacks.
3. **OWASP ESAPI**: A comprehensive security framework that includes a sanitizer component.

Keep in mind that each alternative has its own strengths and weaknesses, and the choice of which one to use depends on your specific requirements and constraints.
Related benchmarks:
Dompurify vs sanitize-html
Dompurify 2.3.3 vs sanitize-html 1.27.5 vs Js-XSS Latest (Test #1)
Dompurify 2.3.3 vs sanitize-html
Dompurify vs sanitize-html 3