Benchmark: Dompurify vs sanitize-html vs js-xss latest

HTML Preparation code:

<script src="https://cdn.jsdelivr.net/npm/sanitize-html@2.13.0/index.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/xss@1.0.15/dist/xss.min.js"></script>

Tests:

Sanitize HTML
const testString = ` Welcome to safeland <a href='javascript:alert(1)'>This is fun</a> <img src=x onerror=console.log(1)> ` const result = sanitizeHtml(testString)
js-xss
const testString = ` Welcome to safeland <a href='javascript:alert(1)'>This is fun</a> <img src=x onerror=console.log(1)> ` const result = filterXSS(testString)

Rendered benchmark preparation results:

Suite status: <idle, ready to run>

Previous results

Test case name	Result
Sanitize HTML
js-xss

Fastest: N/A

Slowest: N/A

Latest run results:

Run details: (Test run date: one year ago)

User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0

Browser/OS: Chrome 124 on Mac OS X 10.15.7

View result in a separate tab

Test name	Executions per second
Sanitize HTML	0.0 Ops/sec
js-xss	273403.0 Ops/sec

Autogenerated LLM Summary (model llama3.2:3b, generated 6 months ago):

LLMs can make mistakes. Check important info.

Let's break down the benchmark and explain what's being tested.

**What is being tested?**

MeasureThat.net is comparing three JavaScript libraries: `sanitize-html`, `js-xss`, and `DOMPurify`. The benchmark tests how fast each library can sanitize HTML strings, specifically those that contain potentially malicious code like XSS (Cross-Site Scripting) attacks.

**Options compared**

The three libraries being compared are:

1. **`sanitize-html`**: A popular JavaScript library for sanitizing HTML strings.
2. **`js-xss`**: Another JavaScript library designed to sanitize HTML strings and detect potential XSS threats.
3. **`DOMPurify`**: A widely used JavaScript library for purifying and sanitizing HTML content.

**Pros and cons of each approach**

Here's a brief summary:

1. **`sanitize-html`**:
	* Pros: Highly configurable, robust feature set, easy to use.
	* Cons: Can be slower than other options due to its extensive feature set.
2. **`js-xss`**:
	* Pros: Fast and lightweight, specifically designed for XSS detection.
	* Cons: Limited configuration options and feature set compared to `sanitize-html`.
3. **`DOMPurify`**:
	* Pros: Fast, easy to use, and has a wide range of pre-built configurations.
	* Cons: May not be as robust or customizable as `sanitize-html`.

**Library explanations**

1. **`js-xss`**: A lightweight JavaScript library specifically designed for detecting and sanitizing XSS threats. It's fast and efficient but limited in its feature set compared to other options.
2. **`DOMPurify`**: A widely used JavaScript library developed by Nick Statt, which aims to provide a simple and effective way to purify HTML content. It has a wide range of pre-built configurations and is known for its speed.

**Special JS features or syntax**

None mentioned in the benchmark definition.

**Other alternatives**

If you're looking for alternative libraries, here are a few options:

1. **`html-minifier`**: A lightweight JavaScript library that minimizes HTML while preserving its structure.
2. **`js-beautify-html`**: A JavaScript library that beautifies and sanitizes HTML content.
3. **`xss-protect`**: Another JavaScript library designed to protect against XSS attacks.

Keep in mind that the choice of library ultimately depends on your specific requirements and use case.

Related benchmarks:

Dompurify vs sanitize-html vs js-xss latest (version: 0)

Comparing performance of: Sanitize HTML vs js-xss

Created: one year ago by: Guest

Jump to the latest result

Sanitize HTML

js-xss

Suite status: <idle, ready to run>

Experimental features:

Fastest: N/A

Slowest: N/A

Autogenerated LLM Summary (model llama3.2:3b, generated 6 months ago):