RubyGems - selma - Versions diffs - 0.3.0-x86_64-linux → 0.4.1-x86_64-linux - Mend

selma 0.3.0-x86_64-linux → 0.4.1-x86_64-linux

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 024f7f6dd2ad3aa84f8097fb0df3839e2dd356566b62d3450bf1443432cd6e92
-  data.tar.gz: 741ae668dcc739eb00011a2b638d7830e13737cc29012656ad53a75e62d2b407
+  metadata.gz: 1456aea079c07f26d3bbbcbf088a4a9d77632ffef4161e6060a09f85aad2dfff
+  data.tar.gz: 7c1b482bd506fb044adedfbb856f1b198707d7602ebf90f2036e7e14d0780092
 SHA512:
-  metadata.gz: 4b8d7a74ec5d02dcc3b07805930440d407818c29e327b1b79cb507e29186057069e106baa4a2fc44e252787597ffabef485be4896074a2824065d4ce73b957e4
-  data.tar.gz: 7161964711b1a14e06b09950d725f5f6bf85f76a20bcea3726d87e7674a988e08ff35011cdb31fb85ad664e7844b2a2d61dbc8442a217ae161f31013c9ccb719
+  metadata.gz: fffc3a70c84827d5f8159d2b48654753fc02017a7e8b1ba35e2a4cb6ff476e1cc2a962ff6428d65cedd506cce161e7f6ba562dfe89b8a84c728d1ff14f322461
+  data.tar.gz: 4e3409e0f42efa8a0a75fa952aaa692d0802b6dcebda53f34beb2aa130885988ebbf18ac830cbf96a484777d7bc080626da986df1be6675072ca55825c273b33

data/README.md CHANGED Viewed

@@ -180,6 +180,26 @@ The `element` argument in `handle_element` has the following methods:
 - `after(content, as: content_type)`: Inserts `content` after the text. `content_type` is either `:text` or `:html` and determines how the content will be applied.
 - `replace(content, as: content_type)`: Replaces the text node with `content`. `content_type` is either `:text` or `:html` and determines how the content will be applied.
+## Security
+Theoretically, a malicious user can provide a very large document for processing, which can exhaust the memory of the host machine. To set a limit on how much string content is processed at once, you can provide `memory` options:
+```ruby
+Selma::Rewriter.new(options: { memory: { max_allowed_memory_usage: 1_000_000 } }) # ~1MB
+```
+The structure of the `memory` options looks like this:
+```ruby
+{
+  memory: {
+    max_allowed_memory_usage: 1000,
+    preallocated_parsing_buffer_size: 100,
+  }
+}
+```
+Note that `preallocated_parsing_buffer_size` must always be less than `max_allowed_memory_usage`. See [the`lol_html` project documentation](https://docs.rs/lol_html/1.2.1/lol_html/struct.MemorySettings.html) to learn more about the default values.
 ## Benchmarks
 When `bundle exec rake benchmark`, two different benchmarks are calculated. Here are those results on my machine.
@@ -191,30 +211,33 @@ Comparing Selma against popular Ruby sanitization gems:
 <!-- prettier-ignore-start -->
 <details>
 <pre>
+input size = 25309 bytes, 0.03 MB
+ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          sanitize-sm    15.000 i/100ms
-            selma-sm   126.000 i/100ms
+            selma-sm   127.000 i/100ms
 Calculating -------------------------------------
-         sanitize-sm    155.074 (± 1.9%) i/s -      4.665k in  30.092214s
-            selma-sm      1.290k (± 1.3%) i/s -     38.808k in  30.085333s
+         sanitize-sm    157.643 (± 1.9%) i/s -      4.740k in  30.077172s
+            selma-sm      1.278k (± 1.5%) i/s -     38.354k in  30.019722s
 Comparison:
-            selma-sm:     1290.1 i/s
-         sanitize-sm:      155.1 i/s - 8.32x  slower
+            selma-sm:     1277.9 i/s
+         sanitize-sm:      157.6 i/s - 8.11x  slower
 input size = 86686 bytes, 0.09 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
-         sanitize-md     3.000 i/100ms
+         sanitize-md     4.000 i/100ms
             selma-md    33.000 i/100ms
 Calculating -------------------------------------
-         sanitize-md     40.321 (± 5.0%) i/s -      1.206k in  30.004711s
-            selma-md    337.417 (± 1.5%) i/s -     10.131k in  30.032772s
+         sanitize-md     40.034 (± 5.0%) i/s -      1.200k in  30.043322s
+            selma-md    332.959 (± 2.1%) i/s -      9.999k in  30.045733s
 Comparison:
-            selma-md:      337.4 i/s
-         sanitize-md:       40.3 i/s - 8.37x  slower
+            selma-md:      333.0 i/s
+         sanitize-md:       40.0 i/s - 8.32x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -223,12 +246,12 @@ Warming up --------------------------------------
          sanitize-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         sanitize-lg      0.144 (± 0.0%) i/s -      5.000 in  34.772526s
-            selma-lg      4.026 (± 0.0%) i/s -    121.000 in  30.067415s
+         sanitize-lg      0.141 (± 0.0%) i/s -      5.000 in  35.426127s
+            selma-lg      3.963 (± 0.0%) i/s -    119.000 in  30.037386s
 Comparison:
             selma-lg:        4.0 i/s
-         sanitize-lg:        0.1 i/s - 27.99x  slower
+         sanitize-lg:        0.1 i/s - 28.03x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->
@@ -240,23 +263,22 @@ Comparing Selma against popular Ruby HTML parsing gems:
 <!-- prettier-ignore-start -->
 <details>
 <pre>
 input size = 25309 bytes, 0.03 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          nokogiri-sm    79.000 i/100ms
-       nokolexbor-sm   285.000 i/100ms
-            selma-sm   244.000 i/100ms
+       nokolexbor-sm   295.000 i/100ms
+            selma-sm   237.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-sm    807.790 (± 3.1%) i/s -     24.253k in  30.056301s
-       nokolexbor-sm      2.880k (± 6.4%) i/s -     86.070k in  30.044766s
-            selma-sm      2.508k (± 1.2%) i/s -     75.396k in  30.068792s
+         nokogiri-sm    800.531 (± 2.2%) i/s -     24.016k in  30.016056s
+       nokolexbor-sm      3.033k (± 3.6%) i/s -     91.155k in  30.094884s
+            selma-sm      2.386k (± 1.6%) i/s -     71.574k in  30.001701s
 Comparison:
-       nokolexbor-sm:     2880.3 i/s
-            selma-sm:     2507.8 i/s - 1.15x  slower
-         nokogiri-sm:      807.8 i/s - 3.57x  slower
+       nokolexbor-sm:     3033.1 i/s
+            selma-sm:     2386.3 i/s - 1.27x  slower
+         nokogiri-sm:      800.5 i/s - 3.79x  slower
 input size = 86686 bytes, 0.09 MB
@@ -264,16 +286,16 @@ ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          nokogiri-md     8.000 i/100ms
        nokolexbor-md    43.000 i/100ms
-            selma-md    39.000 i/100ms
+            selma-md    38.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-md     87.367 (± 3.4%) i/s -      2.624k in  30.061642s
-       nokolexbor-md    438.782 (± 3.9%) i/s -     13.158k in  30.031163s
-            selma-md    392.591 (± 3.1%) i/s -     11.778k in  30.031391s
+         nokogiri-md     85.013 (± 8.2%) i/s -      2.024k in  52.257472s
+       nokolexbor-md    416.074 (±11.1%) i/s -     12.341k in  30.111613s
+            selma-md    361.471 (± 4.7%) i/s -     10.830k in  30.033997s
 Comparison:
-       nokolexbor-md:      438.8 i/s
-            selma-md:      392.6 i/s - 1.12x  slower
-         nokogiri-md:       87.4 i/s - 5.02x  slower
+       nokolexbor-md:      416.1 i/s
+            selma-md:      361.5 i/s - same-ish: difference falls within error
+         nokogiri-md:       85.0 i/s - 4.89x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -283,14 +305,14 @@ Warming up --------------------------------------
        nokolexbor-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-lg      0.895 (± 0.0%) i/s -     27.000 in  30.300832s
-       nokolexbor-lg      2.163 (± 0.0%) i/s -     65.000 in  30.085656s
-            selma-lg      5.867 (± 0.0%) i/s -    176.000 in  30.006240s
+         nokogiri-lg      0.805 (± 0.0%) i/s -     25.000 in  31.148730s
+       nokolexbor-lg      2.194 (± 0.0%) i/s -     66.000 in  30.278108s
+            selma-lg      5.541 (± 0.0%) i/s -    166.000 in  30.037197s
 Comparison:
-            selma-lg:        5.9 i/s
-       nokolexbor-lg:        2.2 i/s - 2.71x  slower
-         nokogiri-lg:        0.9 i/s - 6.55x  slower
+            selma-lg:        5.5 i/s
+       nokolexbor-lg:        2.2 i/s - 2.53x  slower
+         nokogiri-lg:        0.8 i/s - 6.88x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->

data/lib/selma/3.1/selma.so CHANGED Viewed

Binary file

data/lib/selma/3.2/selma.so CHANGED Viewed

Binary file

data/lib/selma/3.3/selma.so CHANGED Viewed

Binary file

data/lib/selma/config.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module Selma
+  module Config
+    OPTIONS = {
+      memory: {
+        max_allowed_memory_usage: nil,
+        preallocated_parsing_buffer_size: nil,
+      },
+    }
+  end
+end

data/lib/selma/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Selma
-  VERSION = "0.3.0"
+  VERSION = "0.4.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.1
 platform: x86_64-linux
 authors:
 - Garen J. Torikian
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-07 00:00:00.000000000 Z
+date: 2024-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -51,6 +51,7 @@ files:
 - lib/selma/3.1/selma.so
 - lib/selma/3.2/selma.so
 - lib/selma/3.3/selma.so
+- lib/selma/config.rb
 - lib/selma/extension.rb
 - lib/selma/html.rb
 - lib/selma/rewriter.rb