[Owasp-antisamy] Performance optimization

Lars Trieloff lars at trieloff.net
Wed Jun 4 17:07:00 EDT 2008


Arshan,

out of interest from a performance-optimizing point of view: Do you  
see any objections against moving AntiSamy from a DOM-based to a SAX- 
based streaming implementation? All policy rules that I can currently  
think of do not require more than the current element and perhaps a  
stack, so that could greatly reduce the amount of memory used for  
larger HTML files.

regards,

Lars

On Jun 4, 2008, at 22:58 , Arshan Dabirsiaghi wrote:

> Serge,
>
> We are implementing this functionality into the current branch as we  
> speak. You could do it now by creating an instance of  
> AntiSamyDOMScanner directly and working with that, but I'd like  
> people to use the AntiSamy facade for simplification.
>
> In the next version we have introduced a constructor for AntiSamy  
> that takes a Policy object. After it gets instantiated you can call  
> the same AntiSamy object with the same, pre-built Policy object  
> repeatedly. We have also put a getter and setter for the instance  
> variable so that you can switch out policy files quickly and not  
> have to rebuild them. I hope this helps, and we look forward to the  
> next release in the next 1-2 weeks.
>
> Thanks,
> Arshan
>
> From: owasp-antisamy-bounces at lists.owasp.org on behalf of Serge  
> Droganov
> Sent: Wed 6/4/2008 4:37 PM
> To: owasp-antisamy at lists.owasp.org
> Subject: [Owasp-antisamy] Performance optimization
>
> Hello,
> RTFM doesn't help me, so I have to ask my question here.
>
> I have discovered (with getScanTime) that AntiSamy needs about 0.028
> second to sanitize mid-sized html page.
> But actual scan time  for the same page is about a second.
>
> It looks like reading and parsing policy file is the most expensive
> operation.
>
> So my question is:
> Is there any option to read and parse policy file once at the first
> call and store results within an application?
> (antiSamy.scan(input, cachedPolicy))
>
>
> Thank you,
> Serge
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy



More information about the Owasp-antisamy mailing list