[Owasp-antisamy] Performance optimization

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Wed Jun 4 16:58:21 EDT 2008

We are implementing this functionality into the current branch as we speak. You could do it now by creating an instance of AntiSamyDOMScanner directly and working with that, but I'd like people to use the AntiSamy facade for simplification.
In the next version we have introduced a constructor for AntiSamy that takes a Policy object. After it gets instantiated you can call the same AntiSamy object with the same, pre-built Policy object repeatedly. We have also put a getter and setter for the instance variable so that you can switch out policy files quickly and not have to rebuild them. I hope this helps, and we look forward to the next release in the next 1-2 weeks.


From: owasp-antisamy-bounces at lists.owasp.org on behalf of Serge Droganov
Sent: Wed 6/4/2008 4:37 PM
To: owasp-antisamy at lists.owasp.org
Subject: [Owasp-antisamy] Performance optimization

RTFM doesn't help me, so I have to ask my question here.

I have discovered (with getScanTime) that AntiSamy needs about 0.028 
second to sanitize mid-sized html page.
But actual scan time  for the same page is about a second.

It looks like reading and parsing policy file is the most expensive 

So my question is:
Is there any option to read and parse policy file once at the first 
call and store results within an application?
(antiSamy.scan(input, cachedPolicy))

Thank you,
Owasp-antisamy mailing list
Owasp-antisamy at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080604/ea6523f7/attachment.html 

More information about the Owasp-antisamy mailing list