pulibrary / allsearch_api / 08786bb6-7373-417c-99d4-42b2c52c7457

100%

main: 100%

Pull #496

circleci

Skip nokogiri-based sanitization for strings that don't contain angle brackets

It can be expensive to run the full sanitization routine on long
strings, so let's skip it if they don't need HTML-parser based sanitization,
using the heuristic of checking for an opening angle bracket.

Also, use ruby's squeeze method to avoid an expensive regular expression.

Also, avoid the potential for XSS if the source data has a malicious tag
that is encoded with HTML entities (e.g. `<script>` instead of
`<script>`.

According to the attached microbenchmark:

before:
```
Warming up --------------------------------------
           sanitizer   583.000 i/100ms
Calculating -------------------------------------
           sanitizer      6.308k (± 4.5%) i/s  (158.54 μs/i) -     31.482k in   5.001876s
```

after:
```
Warming up --------------------------------------
           sanitizer    31.808k i/100ms
Calculating -------------------------------------
           sanitizer    315.987k (± 3.1%) i/s    (3.16 μs/i) -      1.590M in   5.038977s
```

13 of 13 new or added lines in 1 file covered. (100.0%)

1435 of 1435 relevant lines covered (100.0%)

76.3 hits per line