[Owasp-antisamy] Performance optimization

Lars Trieloff lars at trieloff.net
Wed Jun 4 17:07:00 EDT 2008


out of interest from a performance-optimizing point of view: Do you  
see any objections against moving AntiSamy from a DOM-based to a SAX- 
based streaming implementation? All policy rules that I can currently  
think of do not require more than the current element and perhaps a  
stack, so that could greatly reduce the amount of memory used for  
larger HTML files.



On Jun 4, 2008, at 22:58 , Arshan Dabirsiaghi wrote:

> Serge,
> We are implementing this functionality into the current branch as we  
> speak. You could do it now by creating an instance of  
> AntiSamyDOMScanner directly and working with that, but I'd like  
> people to use the AntiSamy facade for simplification.
> In the next version we have introduced a constructor for AntiSamy  
> that takes a Policy object. After it gets instantiated you can call  
> the same AntiSamy object with the same, pre-built Policy object  
> repeatedly. We have also put a getter and setter for the instance  
> variable so that you can switch out policy files quickly and not  
> have to rebuild them. I hope this helps, and we look forward to the  
> next release in the next 1-2 weeks.
> Thanks,
> Arshan
> From: owasp-antisamy-bounces at lists.owasp.org on behalf of Serge  
> Droganov
> Sent: Wed 6/4/2008 4:37 PM
> To: owasp-antisamy at lists.owasp.org
> Subject: [Owasp-antisamy] Performance optimization
> Hello,
> RTFM doesn't help me, so I have to ask my question here.
> I have discovered (with getScanTime) that AntiSamy needs about 0.028
> second to sanitize mid-sized html page.
> But actual scan time  for the same page is about a second.
> It looks like reading and parsing policy file is the most expensive
> operation.
> So my question is:
> Is there any option to read and parse policy file once at the first
> call and store results within an application?
> (antiSamy.scan(input, cachedPolicy))
> Thank you,
> Serge
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy

More information about the Owasp-antisamy mailing list