MeasureThat.net
xss vs. dompurify vs. sanitize-html
Version: 0
Comparing performance of: xss vs dompurify (no sanitize-html test case is defined, despite the title)
Created: one year ago, by: Registered User
HTML Preparation code:
<script src="https://cdn.jsdelivr.net/npm/dompurify@3.1.6/dist/purify.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/xss@1.0.15/dist/xss.min.js"></script>
Script Preparation code:
var data = "<p>The expected release date is <strong>8/28/2024</strong>. Shipping for all orders will begin once the pre-order item is available in-store, should there be no unexpected delays.</p>\n<p><strong><span class=\"apple-converted-space> </span></p>\n<p><strong><span class=\" apple-converted-space=\"\"> IMPORTANT NOTE : Orders containing one or more pre-orders are typically held until all items are released and available to ship together. </span></strong></p>\n<p><strong>Each Album Includes</strong></p>\n<ul>\n<li><b>Album Case</b></li>\n<li>\n<b>Mini Card (QR Type) : Random 1 out of 5</b><b></b>\n</li>\n<li><b>Selfie Photocard : Random 2 out of 10</b></li>\n<li><b>Image Card Set : 8 ea</b></li>\n<li><b>Sticker</b></li>\n<li><b>Invitation Card</b></li>\n</ul>\n<ul></ul>\n<ul></ul>\n<p>For in-store pickups, please refer to the in-store pickup policy tab for further information. Prices may vary in-store.</p>\n<p><img src=\"https://cdn.shopify.com/s/files/1/2420/2037/files/AEONIT_1st_Single_Album_-_LUMOS_Platform_Ver._Strip.webp?v=1724256230\"></p>\n<p style=\"text-align: center;\"><span style=\"color: #000000;\"><strong>⚠️All of the information above is subject to change⚠️</strong></span></p>"
Tests:
xss
filterXSS(data);
dompurify
DOMPurify.sanitize(data, { ALLOWED_ATTR: [] })
Latest run results:
Run details: test run date 11 months ago
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Browser/OS: Chrome 137 on Windows
Test name    Executions per second
xss          49023.2 Ops/sec
dompurify     9086.5 Ops/sec
Autogenerated LLM Summary (model llama3.2:3b, generated one year ago; corrected):

**Benchmark Overview** The title names three libraries, but only two are exercised: `xss` (the js-xss package, called through `filterXSS`) and `DOMPurify`. No `sanitize-html` test case is defined, so the page measures nothing about it. Both libraries tested are allowlist sanitizers: only tags and attributes that are explicitly permitted survive. The difference is in what happens to the rest. DOMPurify removes disallowed elements (keeping their text content by default), while js-xss by default escapes a non-allowlisted tag into text (`&lt;script&gt;...`) unless `stripIgnoreTag` is set.

**What is measured** Throughput, in sanitizer calls per second, on one fixed product-description string of roughly 1 KB. The string is benign: paragraphs, lists, one `<img>`, inline `style` and `class` attributes, and one malformed attribute (`<span class=\"apple-converted-space> </span>` has no closing quote). It contains no script, event handler or `javascript:` URL, so the run measures parsing and filtering cost on ordinary markup, not the ability to catch attack patterns.

**Why the numbers differ** In the recorded run (Chrome 137 on Windows) `xss` reached 49023.2 ops/sec against 9086.5 ops/sec for DOMPurify, about 5.4x. The architectures explain most of it. js-xss is a hand-written tokenizer that walks the string once. DOMPurify hands the input to the browser's own HTML parser, walks the resulting DOM tree and prunes it, then serializes it back to a string. That DOM round trip is the cost, and it is also the point: the sanitizer inspects the same tree the browser will render, which is what makes it robust against parser-differential and mutation (mXSS) tricks that string-based filters can miss.

**The two calls are not equivalent** `DOMPurify.sanitize(data, { ALLOWED_ATTR: [] })` removes every attribute, including `src` on the `<img>` and the `style` on the final paragraph. `filterXSS(data)` runs with the library's default allowlist, which keeps `src`, `alt`, `title`, `width` and `height` on `<img>`. The two calls therefore produce different output and do different amounts of work. A fair comparison would use matching allowlists (for example DOMPurify's defaults, or a js-xss `whiteList` with no attributes) and would assert that both outputs agree on the input before comparing timings. The malformed attribute is another source of divergence: an HTML parser treats everything up to the next `"` as the attribute value, while a string-based tokenizer may end the tag at the first `>`.

**Pros and cons**

1. **xss**: Fast, small, and needs no DOM, so it runs in Node without jsdom; the allowlist is configurable per tag. It does not use a spec-compliant HTML parser, so its view of the markup can differ from the browser's, which is where string-based sanitizers historically fail.
2. **DOMPurify**: Slower per call and requires a DOM (in Node, via jsdom). It sanitizes the same tree the browser renders, ships a sane default allowlist, and is widely reviewed; the `ALLOWED_TAGS`/`ALLOWED_ATTR` options restrict it further.
3. **sanitize-html**: Not benchmarked here. It is also an allowlist sanitizer (`allowedTags`, `allowedAttributes`), built on the htmlparser2 parser for Node rather than on a browser DOM; the original summary's description of it as a blacklist is wrong.

**Test Case Explanation** Each test calls one sanitizer on the prepared `data` string: `filterXSS(data)` from the xss library and `DOMPurify.sanitize(data, { ALLOWED_ATTR: [] })` from DOMPurify. The preparation code contains no attack payload; `<strong>` and the other tags in it are plain formatting.

**Other Alternatives** The browser-native Sanitizer API (`Element.setHTML()`) aims to provide DOMPurify-style sanitization without a library, but it is still being standardized and is not broadly available. On the server side, HTML Purifier is the established PHP sanitizer. Where the output never needs markup at all, context-aware output encoding (HTML, attribute, URL or JavaScript escaping as appropriate) is simpler and safer than sanitizing, because nothing is interpreted as HTML in the first place.
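The two benchmark calls apply different attribute policies: `ALLOWED_ATTR: []` removes every attribute, while `filterXSS(data)` keeps the xss library's default allowlist. To make that difference concrete, the following added example (not code from MeasureThat.net, DOMPurify or the xss package) implements the allowlist-filtering step over a simple regex tokenizer and runs it in two configurations that mirror the two calls, then performs the check a benchmark should do first: confirm that both configurations produce the same output on the benign input. The `TAGS`, `xssLike` and `noAttrs` configurations, the `cdn.example` URL and the `sample` input are constructed for this illustration; the `<img>` attribute list is an assumption about the xss defaults. The filter is deliberately not a safe sanitizer: it does not parse HTML the way a browser does, which is exactly the gap DOMPurify closes by working on a real DOM.

```javascript
// Added illustration, not code from MeasureThat.net, DOMPurify or xss.
// A minimal allowlist filter over a regex tokenizer, used only to make the
// benchmark's two attribute policies concrete. It is NOT a safe sanitizer:
// it does not parse HTML the way a browser does, and closing that gap is
// exactly why DOMPurify works on a real DOM.

// Text escaping: '<' and '>' are the only characters that can open a tag in
// text content. '&' is left alone because this filter never decodes
// entities, so re-encoding it would corrupt values such as "&amp;".
const escapeText = (s) => s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escapeAttr = (s) => escapeText(s).replace(/"/g, "&quot;");

// Parse the raw text between a tag name and '>' into [name, value] pairs
// (value is null for boolean attributes). Quotes are removed from values.
function parseAttrs(raw) {
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const out = [];
  let m;
  while ((m = re.exec(raw)) !== null) {
    out.push([m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? null]);
  }
  return out;
}

// Allowlist filter: keep only tags in `tags`; on a kept tag keep only the
// attributes listed for it in `attrs`. Everything else is removed.
// Disallowed tags are stripped (DOMPurify's default); <script>/<style>
// bodies are removed wholesale because their text is never markup.
// No URL-scheme policy is applied here; a real sanitizer needs one for
// href/src-style attributes.
function allowlistFilter(html, { tags, attrs }) {
  html = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9-]*)\b([^>]*)>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index)); // text between tags
    last = tagRe.lastIndex;
    const name = m[1].toLowerCase();
    if (!tags.has(name)) continue;                // drop disallowed tag
    if (m[0].startsWith("</")) { out += `</${name}>`; continue; }
    const allowed = attrs[name] || [];
    const kept = parseAttrs(m[2])
      .filter(([n]) => allowed.includes(n))
      .map(([n, v]) => (v === null ? n : `${n}="${escapeAttr(v)}"`));
    out += `<${name}${kept.length ? " " + kept.join(" ") : ""}>`;
  }
  return out + escapeText(html.slice(last));
}

// Tags present in the benchmark's product-description markup.
const TAGS = new Set(["p", "strong", "span", "ul", "li", "b", "img"]);
// Assumption: roughly what the xss library's default allowlist keeps on
// <img> (check lib/default.js of the xss package for the real list).
const xssLike = { tags: TAGS, attrs: { img: ["src", "alt", "title", "width", "height"] } };
// Mirrors DOMPurify.sanitize(data, { ALLOWED_ATTR: [] }): no attribute survives.
const noAttrs = { tags: TAGS, attrs: {} };

// Check that no active content survives sanitization.
function leaksActiveContent(html) {
  return /<script\b|\son[a-z]+\s*=|javascript:/i.test(html);
}

// Check a benchmark should make before comparing timings: both
// configurations must produce the same output on the benign input,
// otherwise the two numbers measure different amounts of work.
function sameOutput(html, cfgA, cfgB) {
  return allowlistFilter(html, cfgA) === allowlistFilter(html, cfgB);
}

// Constructed input: a slice of the benchmark's markup (which contains no
// attack payload) with an event handler and a <script> appended.
const sample =
  '<p style="text-align: center;"><strong>Each Album Includes</strong></p>' +
  "<ul><li><b>Album Case</b></li></ul>" +
  '<p><img src="https://cdn.example/strip.webp" onerror="alert(1)"></p>' +
  "<script>alert(document.cookie)</script>" +
  "<p>2 < 3 &amp; more</p>";

console.log("xss-like :", allowlistFilter(sample, xssLike));
console.log("no attrs :", allowlistFilter(sample, noAttrs));
console.log("same output on this input:", sameOutput(sample, xssLike, noAttrs));
```

Run with `node`. On this input `sameOutput` is false because only the `xssLike` configuration keeps `src` on the `<img>`, which is the same mismatch the benchmark has between `filterXSS(data)` and `DOMPurify.sanitize(data, { ALLOWED_ATTR: [] })`; the throughput numbers on this page compare two different amounts of work, and a differential check like this belongs in the preparation code before timing anything.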