pulibrary / allsearch_api
100%
main: 100%

LAST BUILD BRANCH: remove_rails_references
DEFAULT BRANCH: main
Repo Added 23 Apr 2025 05:42PM UTC
Files 93
LAST BUILD ON BRANCH faster-sanitize
15 Dec 2025 03:46PM UTC coverage: 100.0%. Remained the same
08786bb6-7373-417c-99d4-42b2c52c7457

Pull #496

circleci

sandbergja
Skip nokogiri-based sanitization for strings that don't contain angle brackets

It can be expensive to run the full sanitization routine on long
strings, so let's skip it if they don't need HTML-parser based sanitization,
using the heuristic of checking for an opening angle bracket.

Also, use ruby's squeeze method to avoid an expensive regular expression.

Also, avoid the potential for XSS if the source data has a malicious tag
that is encoded with HTML entities (e.g. `&lt;script&gt;` instead of
`<script>`).

According to the attached microbenchmark:

before:
```
Warming up --------------------------------------
           sanitizer   583.000 i/100ms
Calculating -------------------------------------
           sanitizer      6.308k (± 4.5%) i/s  (158.54 μs/i) -     31.482k in   5.001876s
```

after:
```
Warming up --------------------------------------
           sanitizer    31.808k i/100ms
Calculating -------------------------------------
           sanitizer    315.987k (± 3.1%) i/s    (3.16 μs/i) -      1.590M in   5.038977s
```
Pull Request #496: Skip nokogiri-based sanitization for strings that don't contain angle brackets

13 of 13 new or added lines in 1 file covered. (100.0%)

1435 of 1435 relevant lines covered (100.0%)

76.3 hits per line

Recent builds

| Builds | Branch | Commit | Type | Ran | Committer | Via | Coverage |
|---|---|---|---|---|---|---|---|
| 08786bb6... | faster-sanitize | Skip nokogiri-based sanitization for strings that don't contain angle brackets It can be expensive to run the full sanitization routine on long strings, so let's skip it if they don't need HTML-parser based sanitization, using the heuristic of ch... | Pull #496 | 15 Dec 2025 03:47PM UTC | sandbergja | circleci | 100.0 |
| d28be878... | faster-sanitize | Skip nokogiri-based sanitization for strings that don't contain angle brackets It can be expensive to run the full sanitization routine on long strings, so let's skip it if they don't need HTML-parser based sanitization, using the heuristic of ch... | Pull #496 | 15 Dec 2025 03:46PM UTC | sandbergja | circleci | 100.0 |
| 56b63174... | faster-sanitize | Skip nokogiri-based sanitization for strings that don't contain angle brackets It can be expensive to run the full sanitization routine on long strings, so let's skip it if they don't need HTML-parser based sanitization, using the heuristic of ch... | Pull #496 | 13 Dec 2025 04:57AM UTC | sandbergja | circleci | 100.0 |
| ddf6baed... | faster-sanitize | Skip nokogiri-based sanitization for strings that don't contain angle brackets It can be expensive to run the full sanitization routine on long strings, so let's skip it if they don't need HTML-parser based sanitization, using the heuristic of ch... | push | 13 Dec 2025 04:23AM UTC | sandbergja | circleci | 100.0 |
| 68a1d225... | faster-sanitize | Skip nokogiri-based sanitization for strings that don't contain angle brackets It can be expensive to run the full sanitization routine on long strings, so let's skip it if they don't need HTML-parser based sanitization, using the heuristic of ch... | push | 13 Dec 2025 03:48AM UTC | sandbergja | circleci | 100.0 |