HTML Preparation code:
    <script src="https://cdnjs.cloudflare.com/ajax/libs/sanitize-html/1.27.5/sanitize-html.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
    <script src="https://rawgit.com/leizongmin/js-xss/master/dist/xss.js"></script>
Tests:
  • Dompurify 2.3.3

    // Benchmark case: run DOMPurify (loaded in the preparation code) over the shared test markup
    const testString = `
    <b onclick="console.log(0)">Welcome to safeland</b><br>
    <a draggable="true" ondrag="console.log(1)">test</a>
    <a id=x tabindex=1 onfocus=console.log(2)>test</a>
    <a onclick="console.log(3)">test</a>
    <marquee onstart=console.log(4)></marquee>
    <x ondrag=console.log(5)>drag this!</x>
    <title onmouseover="console.log(6)">test</title>
    <img src/onerror="console.log(7)">
    <textarea onclick="console.log(8)">test</textarea>
    <a href="javascript:console.log(9)">This is fun</a><br>
    <img src=x onerror="console.log(10)">
    <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button>
    <math href="javascript:alert(13)">CLICKME</math>
    <set attributeName="onmouseover" to="alert(14)"/>
    <animate attributeName="onunload" to="alert(15)"/>
    <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video>
    <var onpaste="alert(17)" contenteditable>test</var>
    <article onmouseout="alert(18)">test</article>
    <area onclick="alert(19)">test</area>
    <a onmouseover="alert(20)">test</a>
    <body onload=alert(21)></body>
    <html ontouchstart=alert(22)></html>
    <svg onload=alert(23)>
    <form action=javascript:alert(24)><input type=submit></form>
    <audio src/onerror=alert(25)>
    `
    const result = DOMPurify.sanitize(testString)
  • Sanitize-html 1.27.5

    // Benchmark case: run sanitize-html with its default options over the same test markup
    const testString = `
    <b onclick="console.log(0)">Welcome to safeland</b><br>
    <a draggable="true" ondrag="console.log(1)">test</a>
    <a id=x tabindex=1 onfocus=console.log(2)>test</a>
    <a onclick="console.log(3)">test</a>
    <marquee onstart=console.log(4)></marquee>
    <x ondrag=console.log(5)>drag this!</x>
    <title onmouseover="console.log(6)">test</title>
    <img src/onerror="console.log(7)">
    <textarea onclick="console.log(8)">test</textarea>
    <a href="javascript:console.log(9)">This is fun</a><br>
    <img src=x onerror="console.log(10)">
    <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button>
    <math href="javascript:alert(13)">CLICKME</math>
    <set attributeName="onmouseover" to="alert(14)"/>
    <animate attributeName="onunload" to="alert(15)"/>
    <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video>
    <var onpaste="alert(17)" contenteditable>test</var>
    <article onmouseout="alert(18)">test</article>
    <area onclick="alert(19)">test</area>
    <a onmouseover="alert(20)">test</a>
    <body onload=alert(21)></body>
    <html ontouchstart=alert(22)></html>
    <svg onload=alert(23)>
    <form action=javascript:alert(24)><input type=submit></form>
    <audio src/onerror=alert(25)>
    `
    const result = sanitizeHtml(testString)
  • Js-XSS Latest

    // Benchmark case: run js-xss (filterXSS) with its default whitelist over the same test markup
    const testString = `
    <b onclick="console.log(0)">Welcome to safeland</b><br>
    <a draggable="true" ondrag="console.log(1)">test</a>
    <a id=x tabindex=1 onfocus=console.log(2)>test</a>
    <a onclick="console.log(3)">test</a>
    <marquee onstart=console.log(4)></marquee>
    <x ondrag=console.log(5)>drag this!</x>
    <title onmouseover="console.log(6)">test</title>
    <img src/onerror="console.log(7)">
    <textarea onclick="console.log(8)">test</textarea>
    <a href="javascript:console.log(9)">This is fun</a><br>
    <img src=x onerror="console.log(10)">
    <button formaction="javascript:alert(11)" onclick="javascript:alert(12)"></button>
    <math href="javascript:alert(13)">CLICKME</math>
    <set attributeName="onmouseover" to="alert(14)"/>
    <animate attributeName="onunload" to="alert(15)"/>
    <video autoplay onplay=alert(16)><source src="validvideo.mp4" type="video/mp4"></video>
    <var onpaste="alert(17)" contenteditable>test</var>
    <article onmouseout="alert(18)">test</article>
    <area onclick="alert(19)">test</area>
    <a onmouseover="alert(20)">test</a>
    <body onload=alert(21)></body>
    <html ontouchstart=alert(22)></html>
    <svg onload=alert(23)>
    <form action=javascript:alert(24)><input type=submit></form>
    <audio src/onerror=alert(25)>
    `
    const result = filterXSS(testString)
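Added here as an editor's check, not part of the benchmark page or of any of the three libraries: a throughput number means nothing if the sanitizer left script-bearing markup in `result`, so this string-level smoke test reports which vector classes from the shared test string (inline `on*` handlers, `javascript:` URLs, SMIL `attributeName="on…"` redirection) survive in a given output. The `remainingVectors` and `checkCase` names and the two sample strings are constructed for the example; in the benchmark you would pass each case's `result` to `checkCase`.

```javascript
// Inline event handlers inside a tag, quoted or not: onclick="...", src/onerror=alert(25)
const EVENT_HANDLER = /<[a-z][^>]*[\s"'\/]on[a-z]+\s*=/i;
// URL-bearing attributes resolving to a javascript: scheme (href, src, action, formaction)
const SCRIPT_URL = /(?:href|src|action|formaction)\s*=\s*["']?\s*javascript\s*:/i;
// SVG/SMIL <set>/<animate> retargeting a handler attribute: attributeName="onmouseover"
const ANIMATED_HANDLER = /attributeName\s*=\s*["']?\s*on[a-z]+/i;

// Returns the names of the vector classes still present in `html` ([] when clean).
// This is a deliberately conservative string check: it may over-report (e.g. a URL
// containing "/one="), but for the payloads in the benchmark string it never
// under-reports, which is what a pre-benchmark correctness gate needs.
function remainingVectors(html) {
  const found = [];
  if (EVENT_HANDLER.test(html)) found.push('event-handler');
  if (SCRIPT_URL.test(html)) found.push('javascript-url');
  if (ANIMATED_HANDLER.test(html)) found.push('animated-handler');
  return found;
}

// Summarise one benchmark case: `name` labels the case, `result` is its sanitizer output.
function checkCase(name, result) {
  const left = remainingVectors(result);
  return { name, clean: left.length === 0, left };
}

// Constructed samples (not real sanitizer output) showing a passing and a failing result
// for fragments of the benchmark payload.
const cleanSample = '<b>Welcome to safeland</b><br><a>test</a><img src="x">';
const leakySample = '<a href="javascript:console.log(9)">This is fun</a><img src=x onerror="alert(10)">';

console.log(checkCase('constructed clean', cleanSample));   // clean: true
console.log(checkCase('constructed leaky', leakySample));   // clean: false
```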
Latest run results:
Run details: (Test run date: 26 days ago)
Mozilla/5.0 (Linux; Android 14; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.6998.135 Mobile Safari/537.36
Chrome Mobile 134 on Android
Test name               Executions per second
Dompurify 2.3.3           747.2 Ops/sec
Sanitize-html 1.27.5    10482.3 Ops/sec
Js-XSS Latest           21435.4 Ops/sec