RubyGems - selma - Versions diffs - 0.3.0-aarch64-linux → 0.4.1-aarch64-linux - Mend

selma 0.3.0-aarch64-linux → 0.4.1-aarch64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60eaadd36c1687863ba3a48d8c3506496e2b14d6b26e738a422d53c0a74b1eb0
-  data.tar.gz: 3c094ba496d5edfbffd5ec03ff07dce4a689a87e134fa2e8e291be629570ba86
+  metadata.gz: d400498eeff57ae3e6c7fe050f9eb726a68bd237e9d3d1ed4157019ca86f011b
+  data.tar.gz: 695def76e747a252f3c6aad1f6ccccfad853455cbc5ae2b61d6b67cc77cc4578
 SHA512:
-  metadata.gz: 47b36c8fc1d20ebb2366338fc743e6b9b44f10b84d492bb55a0851aeb4ce9acd4aec5183a14e1b5052ba9768b42c9fbaf637883379aeff0e5779f5978d513bf3
-  data.tar.gz: e15a3dbf3439ecd2a158b82c883d3eea3acad7eee3d29bf9787f12724cccb5db5b54f56f9dd71a0a54edfa32cbd054341856179250c1e01a8f61c062d56bfdc0
+  metadata.gz: c6f7785d62ca2e23948d19146bc730e4f352bba06b495eddc7c79db9a3712be250f1c498e6999d1a76036b1a30becb26f879bc807269a5dcff5877800412d034
+  data.tar.gz: cd8d61a3da0983c25df09f785576324011b4b67c27a85362f39c8611ec3b18161c39c6ed7e006a64446b9368e2ec16f386c2115e31b1b5ee9ed28ca4ac9d1c36

data/README.md CHANGED Viewed

@@ -180,6 +180,26 @@ The `element` argument in `handle_element` has the following methods:
 - `after(content, as: content_type)`: Inserts `content` after the text. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 - `replace(content, as: content_type)`: Replaces the text node with `content`. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+## Security
+Theoretically, a malicious user can provide a very large document for processing, which can exhaust the memory of the host machine. To set a limit on how much string content is processed at once, you can provide `memory` options:
+```ruby
+Selma::Rewriter.new(options: { memory: { max_allowed_memory_usage: 1_000_000 } }) # ~1MB
+```
+The structure of the `memory` options looks like this:
+```ruby
+{
+  memory: {
+    max_allowed_memory_usage: 1000,
+    preallocated_parsing_buffer_size: 100,
+  }
+}
+```
+Note that `preallocated_parsing_buffer_size` must always be less than `max_allowed_memory_usage`. See [the`lol_html` project documentation](https://docs.rs/lol_html/1.2.1/lol_html/struct.MemorySettings.html) to learn more about the default values.
 ## Benchmarks
 When `bundle exec rake benchmark`, two different benchmarks are calculated. Here are those results on my machine.
@@ -191,30 +211,33 @@ Comparing Selma against popular Ruby sanitization gems:
 <!-- prettier-ignore-start -->
 <details>
 <pre>
+input size = 25309 bytes, 0.03 MB
+ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          sanitize-sm    15.000 i/100ms
-            selma-sm   126.000 i/100ms
+            selma-sm   127.000 i/100ms
 Calculating -------------------------------------
-         sanitize-sm    155.074 (± 1.9%) i/s -      4.665k in  30.092214s
-            selma-sm      1.290k (± 1.3%) i/s -     38.808k in  30.085333s
+         sanitize-sm    157.643 (± 1.9%) i/s -      4.740k in  30.077172s
+            selma-sm      1.278k (± 1.5%) i/s -     38.354k in  30.019722s
 Comparison:
-            selma-sm:     1290.1 i/s
-         sanitize-sm:      155.1 i/s - 8.32x  slower
+            selma-sm:     1277.9 i/s
+         sanitize-sm:      157.6 i/s - 8.11x  slower
 input size = 86686 bytes, 0.09 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
-         sanitize-md     3.000 i/100ms
+         sanitize-md     4.000 i/100ms
             selma-md    33.000 i/100ms
 Calculating -------------------------------------
-         sanitize-md     40.321 (± 5.0%) i/s -      1.206k in  30.004711s
-            selma-md    337.417 (± 1.5%) i/s -     10.131k in  30.032772s
+         sanitize-md     40.034 (± 5.0%) i/s -      1.200k in  30.043322s
+            selma-md    332.959 (± 2.1%) i/s -      9.999k in  30.045733s
 Comparison:
-            selma-md:      337.4 i/s
-         sanitize-md:       40.3 i/s - 8.37x  slower
+            selma-md:      333.0 i/s
+         sanitize-md:       40.0 i/s - 8.32x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -223,12 +246,12 @@ Warming up --------------------------------------
          sanitize-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         sanitize-lg      0.144 (± 0.0%) i/s -      5.000 in  34.772526s
-            selma-lg      4.026 (± 0.0%) i/s -    121.000 in  30.067415s
+         sanitize-lg      0.141 (± 0.0%) i/s -      5.000 in  35.426127s
+            selma-lg      3.963 (± 0.0%) i/s -    119.000 in  30.037386s
 Comparison:
             selma-lg:        4.0 i/s
-         sanitize-lg:        0.1 i/s - 27.99x  slower
+         sanitize-lg:        0.1 i/s - 28.03x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->
@@ -240,23 +263,22 @@ Comparing Selma against popular Ruby HTML parsing gems:
 <!-- prettier-ignore-start -->
 <details>
 <pre>
 input size = 25309 bytes, 0.03 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          nokogiri-sm    79.000 i/100ms
-       nokolexbor-sm   285.000 i/100ms
-            selma-sm   244.000 i/100ms
+       nokolexbor-sm   295.000 i/100ms
+            selma-sm   237.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-sm    807.790 (± 3.1%) i/s -     24.253k in  30.056301s
-       nokolexbor-sm      2.880k (± 6.4%) i/s -     86.070k in  30.044766s
-            selma-sm      2.508k (± 1.2%) i/s -     75.396k in  30.068792s
+         nokogiri-sm    800.531 (± 2.2%) i/s -     24.016k in  30.016056s
+       nokolexbor-sm      3.033k (± 3.6%) i/s -     91.155k in  30.094884s
+            selma-sm      2.386k (± 1.6%) i/s -     71.574k in  30.001701s
 Comparison:
-       nokolexbor-sm:     2880.3 i/s
-            selma-sm:     2507.8 i/s - 1.15x  slower
-         nokogiri-sm:      807.8 i/s - 3.57x  slower
+       nokolexbor-sm:     3033.1 i/s
+            selma-sm:     2386.3 i/s - 1.27x  slower
+         nokogiri-sm:      800.5 i/s - 3.79x  slower
 input size = 86686 bytes, 0.09 MB
@@ -264,16 +286,16 @@ ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          nokogiri-md     8.000 i/100ms
        nokolexbor-md    43.000 i/100ms
-            selma-md    39.000 i/100ms
+            selma-md    38.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-md     87.367 (± 3.4%) i/s -      2.624k in  30.061642s
-       nokolexbor-md    438.782 (± 3.9%) i/s -     13.158k in  30.031163s
-            selma-md    392.591 (± 3.1%) i/s -     11.778k in  30.031391s
+         nokogiri-md     85.013 (± 8.2%) i/s -      2.024k in  52.257472s
+       nokolexbor-md    416.074 (±11.1%) i/s -     12.341k in  30.111613s
+            selma-md    361.471 (± 4.7%) i/s -     10.830k in  30.033997s
 Comparison:
-       nokolexbor-md:      438.8 i/s
-            selma-md:      392.6 i/s - 1.12x  slower
-         nokogiri-md:       87.4 i/s - 5.02x  slower
+       nokolexbor-md:      416.1 i/s
+            selma-md:      361.5 i/s - same-ish: difference falls within error
+         nokogiri-md:       85.0 i/s - 4.89x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -283,14 +305,14 @@ Warming up --------------------------------------
        nokolexbor-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-lg      0.895 (± 0.0%) i/s -     27.000 in  30.300832s
-       nokolexbor-lg      2.163 (± 0.0%) i/s -     65.000 in  30.085656s
-            selma-lg      5.867 (± 0.0%) i/s -    176.000 in  30.006240s
+         nokogiri-lg      0.805 (± 0.0%) i/s -     25.000 in  31.148730s
+       nokolexbor-lg      2.194 (± 0.0%) i/s -     66.000 in  30.278108s
+            selma-lg      5.541 (± 0.0%) i/s -    166.000 in  30.037197s
 Comparison:
-            selma-lg:        5.9 i/s
-       nokolexbor-lg:        2.2 i/s - 2.71x  slower
-         nokogiri-lg:        0.9 i/s - 6.55x  slower
+            selma-lg:        5.5 i/s
+       nokolexbor-lg:        2.2 i/s - 2.53x  slower
+         nokogiri-lg:        0.8 i/s - 6.88x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->

data/lib/selma/3.1/selma.so CHANGED Viewed

Binary file

data/lib/selma/3.2/selma.so CHANGED Viewed

Binary file

data/lib/selma/3.3/selma.so CHANGED Viewed

Binary file

data/lib/selma/config.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module Selma
+  module Config
+    OPTIONS = {
+      memory: {
+        max_allowed_memory_usage: nil,
+        preallocated_parsing_buffer_size: nil,
+      },
+    }
+  end
+end

data/lib/selma/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Selma
-  VERSION = "0.3.0"
+  VERSION = "0.4.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.1
 platform: aarch64-linux
 authors:
 - Garen J. Torikian
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-07 00:00:00.000000000 Z
+date: 2024-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -51,6 +51,7 @@ files:
 - lib/selma/3.1/selma.so
 - lib/selma/3.2/selma.so
 - lib/selma/3.3/selma.so
+- lib/selma/config.rb
 - lib/selma/extension.rb
 - lib/selma/html.rb
 - lib/selma/rewriter.rb