Dompurify vs js-xss | 84322342341
(version: 0)
Comparing performance of: DOMPurify vs js-xss
Created: one year ago by: Guest
HTML Preparation code:
```html
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.4/purify.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/xss@1.0.15/dist/xss.min.js"></script>
```
Tests:
DOMPurify
```js
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString)
```
js-xss
```js
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = filterXSS(testString)
```
Latest run results:
Run details: (Test run date: one year ago)
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Browser/OS: Chrome 126 on Windows
| Test name | Executions per second |
| --- | --- |
| DOMPurify | 27978.2 Ops/sec |
| js-xss | 256126.2 Ops/sec |
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):
Let's break down the provided benchmark definition and test cases to understand what is being tested.

**Benchmark Definition**

The benchmark definition provides information about the test, including its name, description (which is empty), script preparation code, and HTML preparation code. The purpose of this benchmark is to compare the performance of two libraries: `DOMPurify` and `js-xss`, in sanitizing user input strings.

**Script Preparation Code**

The script preparation code includes links to external JavaScript files:

* `dompurify.min.js`: a library for sanitizing HTML strings, specifically designed to remove malicious scripts.
* `xss.min.js`: another library for sanitizing user input data, this one is specifically designed for detecting and removing cross-site scripting (XSS) attacks.

**Html Preparation Code**

The HTML preparation code includes an example string that will be used as input for the benchmark:

```html
<b>Welcome to safeland</b><br>
<a href='javascript:alert(1)'>This is fun</a><br>
<img src=x onerror=console.log(1)>
```

This string contains various elements, such as HTML tags (`<b>`, `<a>`, `<img>`), which can be used to inject malicious scripts or data. The `x` in the `img` tag's `src` attribute is an attempt to bypass sanitization by passing a variable as a URL parameter.

**Individual Test Cases**

The benchmark includes two test cases:

1. **DOMPurify**: This test case uses the `DOMPurify.sanitize()` function from the `dompurify` library to sanitize the input string.
2. **js-xss**: This test case uses the `filterXSS()` function from the `xss` library to sanitize the input string.

**Options Compared**

The two libraries are being compared in terms of their performance, specifically:

* How quickly each library can execute and return a sanitized result
* The number of executions per second (ExecutionsPerSecond) for each test case

**Pros and Cons of Each Approach**

**DOMPurify**

Pros:

* Widely used and well-maintained library
* Supports multiple sanitization modes, including a "safe" mode that removes only malicious scripts and attributes
* Can be configured to allow or disallow certain types of output (e.g., `escape` option)

Cons:

* May not detect all XSS attacks
* Can be slower than some other libraries for very large input strings

**js-xss**

Pros:

* Specifically designed for detecting and removing XSS attacks
* Fast execution times due to its optimized algorithm
* Supports both "strict" and "relaxed" sanitization modes

Cons:

* Smaller user base compared to DOMPurify
* Fewer configuration options available

**Other Considerations**

* **DevicePlatform**: The benchmark measures performance on a desktop environment. If you want to test mobile or web environments, the results may vary.
* **OperatingSystem**: The benchmark runs on Windows 10. If you want to test on other operating systems, the results may differ.

**Alternatives**

If you're looking for alternative libraries or approaches:

* Other XSS sanitization libraries: `sanitize-html`, `xss-cleaner`
* Alternative DOMPurify alternatives: `purify-js`, `html-sanitizer`

Please note that this is not an exhaustive list, and the choice of library ultimately depends on your specific use case and requirements.
Related benchmarks:
Dompurify vs sanitize-html
Dompurify vs sanitize-html vs js-xss
Dompurify 2.3.3 vs sanitize-html 1.27.5 vs Js-XSS Latest (Test #1)
Dompurify 2.4.1 vs js-xss 1.0.14
Dompurify vs sanitize-html (2024-03-16)