Dompurify vs js-xss | 28052024
(version: 0)
Comparing performance of: DOMPurify vs js-xss
Created: one year ago by: Registered User
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.1.4/purify.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/xss@1.0.15/dist/xss.min.js"></script>

Tests:

DOMPurify
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = DOMPurify.sanitize(testString)

js-xss
const testString = `
  <b>Welcome to safeland</b><br>
  <a href='javascript:alert(1)'>This is fun</a><br>
  <img src=x onerror=console.log(1)>
`
const result = filterXSS(testString)
Latest run results:
Run details: (Test run date: one year ago)
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Browser/OS: Chrome 125 on Windows
| Test name | Executions per second |
| --- | --- |
| DOMPurify | 19220.7 Ops/sec |
| js-xss | 249769.1 Ops/sec |
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago):
Let's dive into the world of JavaScript microbenchmarks!

**What is tested?**

The provided JSON represents two test cases for comparing the performance of `DOMPurify` and `js-xss`, which are libraries designed to sanitize HTML and prevent Cross-Site Scripting (XSS) attacks.

**Options compared:**

1. **DOMPurify:** DOMPurify is a library that uses a whitelist approach to sanitize HTML, which means it only allows specific tags and attributes in the output.
2. **js-xss:** js-xss is another library that takes a blacklist approach to sanitize HTML, which means it blocks specific tags and attributes from being used.

**Pros and Cons:**

* **DOMPurify:**
  * Pros:
    * Whitelist approach can be more efficient than blacklist approaches.
    * DOMPurify has a wider range of supported features.
  * Cons:
    * Whitelist approach might not cover all possible XSS vulnerabilities.
    * DOMPurify requires more configuration and customization.
* **js-xss:**
  * Pros:
    * Blacklist approach can be more effective against known XSS attacks.
    * js-xss is often simpler to configure and use.
  * Cons:
    * Blacklist approach might not cover all possible XSS vulnerabilities.
    * Performance might be slower compared to whitelist approaches.

**Library explanations:**

* **DOMPurify:** DOMPurify is a popular library developed by Paul Irish. It uses a whitelist approach to sanitize HTML, which makes it more efficient but also requires more configuration and customization.
* **js-xss:** js-xss is another widely used library for sanitizing HTML and preventing XSS attacks. Its blacklist approach provides better protection against known XSS vulnerabilities.

**Special JS features or syntax:**

There doesn't appear to be any specific JavaScript features or syntax being tested in these benchmarks. The focus is on comparing the performance of two libraries, `DOMPurify` and `js-xss`, in sanitizing HTML strings.

**Other alternatives:**

If you're looking for alternative libraries for sanitizing HTML and preventing XSS attacks, some popular options include:

* **html-minifier:** A lightweight library that minifies HTML while removing unnecessary characters.
* **sanitize-html:** A library that provides a more comprehensive approach to sanitizing HTML by using a combination of whitelist and blacklist approaches.

Keep in mind that the choice of library often depends on your specific requirements, performance needs, and the type of project you're working on.