Toggle navigation
MeasureThat.net
Create a benchmark
Tools
Feedback
FAQ
Register
Log In
Run results for:
Dompurify 2.3.3 vs sanitize-html 1.27.5 vs Js-XSS Latest (Test #1)
Go to the benchmark
Embed
Embed Benchmark Result
<iframe src="https://measurethat.net/Embed?id=497836" width="100%" height="500px"></iframe>
Run details:
User agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 OPR/105.0.0.0
Browser:
Opera 105
Operating system:
Windows
Device Platform:
Desktop
Date tested:
2 years ago
Test name
Executions per second
Dompurify 2.3.3
714.9 Ops/sec
Sanitize-html 1.27.5
3697.9 Ops/sec
Js-XSS Latest
9367.3 Ops/sec
HTML Preparation code:
<script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script> <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
Tests:
Dompurify 2.3.3
const testString = ` <b onclick="console.log(0)">Welcome to safeland</b><br> <a draggable="true" ondrag="console.log(1)">test</a> <a id=x tabindex=1 onfocus=console.log(2)>test</a> <a onclick="console.log(3)">test</a> <marquee onstart=console.log(4)></marquee> <x ondrag=console.log(5)>drag this!</x> <title onmouseover="console.log(6)">test</title> <img src/onerror="console.log(7)"> <textarea onclick="console.log(8)">test</textarea> <a href="javascript:console.log(9)">This is fun</a><br> <img src=x onerror="console.log(10)"> <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button> <math href="javascript:alert(13)">CLICKME</math> <set attributeName="onmouseover" to="alert(14)"/> <animate attributeName="onunload" to="alert(15)"/> <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video> <var onpaste="alert(17)" contenteditable>test</var> <article onmouseout="alert(18)">test</article> <area onclick="alert(19)">test</area> <a onmouseover="alert(20)">test</a> <body onload=alert(21)></body> <html ontouchstart=alert(22)></html> <svg onload=alert(23)> <form action=javascript:alert(24)><input type=submit></form> <audio src/onerror=alert(25)> ` const result = DOMPurify.sanitize(testString)
Sanitize-html 1.27.5
const testString = ` <b onclick="console.log(0)">Welcome to safeland</b><br> <a draggable="true" ondrag="console.log(1)">test</a> <a id=x tabindex=1 onfocus=console.log(2)>test</a> <a onclick="console.log(3)">test</a> <marquee onstart=console.log(4)></marquee> <x ondrag=console.log(5)>drag this!</x> <title onmouseover="console.log(6)">test</title> <img src/onerror="console.log(7)"> <textarea onclick="console.log(8)">test</textarea> <a href="javascript:console.log(9)">This is fun</a><br> <img src=x onerror="console.log(10)"> <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button> <math href="javascript:alert(13)">CLICKME</math> <set attributeName="onmouseover" to="alert(14)"/> <animate attributeName="onunload" to="alert(15)"/> <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video> <var onpaste="alert(17)" contenteditable>test</var> <article onmouseout="alert(18)">test</article> <area onclick="alert(19)">test</area> <a onmouseover="alert(20)">test</a> <body onload=alert(21)></body> <html ontouchstart=alert(22)></html> <svg onload=alert(23)> <form action=javascript:alert(24)><input type=submit></form> <audio src/onerror=alert(25)> ` const result = sanitizeHtml(testString)
Js-XSS Latest
const testString = ` <b onclick="console.log(0)">Welcome to safeland</b><br> <a draggable="true" ondrag="console.log(1)">test</a> <a id=x tabindex=1 onfocus=console.log(2)>test</a> <a onclick="console.log(3)">test</a> <marquee onstart=console.log(4)></marquee> <x ondrag=console.log(5)>drag this!</x> <title onmouseover="console.log(6)">test</title> <img src/onerror="console.log(7)"> <textarea onclick="console.log(8)">test</textarea> <a href="javascript:console.log(9)">This is fun</a><br> <img src=x onerror="console.log(10)"> <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button> <math href="javascript:alert(13)">CLICKME</math> <set attributeName="onmouseover" to="alert(14)"/> <animate attributeName="onunload" to="alert(15)"/> <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video> <var onpaste="alert(17)" contenteditable>test</var> <article onmouseout="alert(18)">test</article> <area onclick="alert(19)">test</area> <a onmouseover="alert(20)">test</a> <body onload=alert(21)></body> <html ontouchstart=alert(22)></html> <svg onload=alert(23)> <form action=javascript:alert(24)><input type=submit></form> <audio src/onerror=alert(25)> ` const result = filterXSS(testString)