RubyGems - selma - Versions diffs - 0.4.0 → 0.4.1 - Mend

selma 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22f8e5128ea3eea52860c70f3fbd9d3f4d2b1139cccab700611e2aedf032fa99
-  data.tar.gz: 07e888bed12f8e2e7bbf7ab92ebe691464c017e6dbe43faafd18e10e50bfc92c
+  metadata.gz: e5b5e70ce5e954bbd53e8df94b58facb21a78174562f001ce328f9d3ba4b09a3
+  data.tar.gz: 4360c58ce183593b8b5ec8c2bc2a15090aa5ed86f3e8a69b5975111274e01749
 SHA512:
-  metadata.gz: f92066c8d7a4bd1357f852c34f4f050a7c863e250e0fe9cf742186aa82bba410738d0c25d209d0a13dbbcd9cb354012e3d10762193b9a40f690cad4c5293aa74
-  data.tar.gz: 6773e0af5e365fafc6b76a3bdae555f02d87a06a488abbe8cb75c964cce9846b0f46e0acfeb6bf628db2f9c56ed236afcf58d49c405f4cff13ba5bd5f2b87a63
+  metadata.gz: 9528b3320b2bbe90bf17ee1cffe17e6ab65f58ebae1c8edda77f61d2c4b8e8c08782b4bf11cbbaae50610c44aa0dc69c58ca70c4c943a96af84285db167929bd
+  data.tar.gz: 8cf5ebd4259fa09b07b7908a2de795746a45cf7fc25eb3243affe373e0c90a04760cd2d8798367ffc3abe343e5b499a9253b2f01ac195843a067c8cbc88701a5

data/README.md CHANGED Viewed

@@ -182,13 +182,20 @@ The `element` argument in `handle_element` has the following methods:
 ## Security
-Theoretically, a malicious user can provide a very large document for processing, which can exhaust the memory of the host machine. To set a limit on how much string content is processed at once, you can provide two options into the `memory` namespace:
+Theoretically, a malicious user can provide a very large document for processing, which can exhaust the memory of the host machine. To set a limit on how much string content is processed at once, you can provide `memory` options:
 ```ruby
-memory: {
-  max_allowed_memory_usage: 1000,
-  preallocated_parsing_buffer_size: 100,
-},
+Selma::Rewriter.new(options: { memory: { max_allowed_memory_usage: 1_000_000 } }) # ~1MB
+```
+The structure of the `memory` options looks like this:
+```ruby
+{
+  memory: {
+    max_allowed_memory_usage: 1000,
+    preallocated_parsing_buffer_size: 100,
+  }
+}
 ```
 Note that `preallocated_parsing_buffer_size` must always be less than `max_allowed_memory_usage`. See [the`lol_html` project documentation](https://docs.rs/lol_html/1.2.1/lol_html/struct.MemorySettings.html) to learn more about the default values.
@@ -208,29 +215,29 @@ input size = 25309 bytes, 0.03 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
-         sanitize-sm    16.000 i/100ms
-            selma-sm   214.000 i/100ms
+         sanitize-sm    15.000 i/100ms
+            selma-sm   127.000 i/100ms
 Calculating -------------------------------------
-         sanitize-sm    171.670 (± 1.2%) i/s -      5.152k in  30.017081s
-            selma-sm      2.146k (± 3.0%) i/s -     64.414k in  30.058470s
+         sanitize-sm    157.643 (± 1.9%) i/s -      4.740k in  30.077172s
+            selma-sm      1.278k (± 1.5%) i/s -     38.354k in  30.019722s
 Comparison:
-            selma-sm:     2145.8 i/s
-         sanitize-sm:      171.7 i/s - 12.50x  slower
+            selma-sm:     1277.9 i/s
+         sanitize-sm:      157.6 i/s - 8.11x  slower
 input size = 86686 bytes, 0.09 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
          sanitize-md     4.000 i/100ms
-            selma-md    56.000 i/100ms
+            selma-md    33.000 i/100ms
 Calculating -------------------------------------
-         sanitize-md     44.397 (± 2.3%) i/s -      1.332k in  30.022430s
-            selma-md    558.448 (± 1.4%) i/s -     16.800k in  30.089196s
+         sanitize-md     40.034 (± 5.0%) i/s -      1.200k in  30.043322s
+            selma-md    332.959 (± 2.1%) i/s -      9.999k in  30.045733s
 Comparison:
-            selma-md:      558.4 i/s
-         sanitize-md:       44.4 i/s - 12.58x  slower
+            selma-md:      333.0 i/s
+         sanitize-md:       40.0 i/s - 8.32x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -239,12 +246,12 @@ Warming up --------------------------------------
          sanitize-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         sanitize-lg      0.163 (± 0.0%) i/s -      6.000 in  37.375628s
-            selma-lg      6.750 (± 0.0%) i/s -    203.000 in  30.080976s
+         sanitize-lg      0.141 (± 0.0%) i/s -      5.000 in  35.426127s
+            selma-lg      3.963 (± 0.0%) i/s -    119.000 in  30.037386s
 Comparison:
-            selma-lg:        6.7 i/s
-         sanitize-lg:        0.2 i/s - 41.32x  slower
+            selma-lg:        4.0 i/s
+         sanitize-lg:        0.1 i/s - 28.03x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->
@@ -255,39 +262,40 @@ Comparing Selma against popular Ruby HTML parsing gems:
 <!-- prettier-ignore-start -->
 <details>
-<pre>input size = 25309 bytes, 0.03 MB
+<pre>
+input size = 25309 bytes, 0.03 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
-         nokogiri-sm   107.000 i/100ms
-       nokolexbor-sm   340.000 i/100ms
-            selma-sm   380.000 i/100ms
+         nokogiri-sm    79.000 i/100ms
+       nokolexbor-sm   295.000 i/100ms
+            selma-sm   237.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-sm      1.073k (± 2.1%) i/s -     32.207k in  30.025474s
-       nokolexbor-sm      3.300k (±13.2%) i/s -     27.540k in  36.788212s
-            selma-sm      3.779k (± 3.4%) i/s -    113.240k in  30.013908s
+         nokogiri-sm    800.531 (± 2.2%) i/s -     24.016k in  30.016056s
+       nokolexbor-sm      3.033k (± 3.6%) i/s -     91.155k in  30.094884s
+            selma-sm      2.386k (± 1.6%) i/s -     71.574k in  30.001701s
 Comparison:
-            selma-sm:     3779.4 i/s
-       nokolexbor-sm:     3300.1 i/s - same-ish: difference falls within error
-         nokogiri-sm:     1073.1 i/s - 3.52x  slower
+       nokolexbor-sm:     3033.1 i/s
+            selma-sm:     2386.3 i/s - 1.27x  slower
+         nokogiri-sm:      800.5 i/s - 3.79x  slower
 input size = 86686 bytes, 0.09 MB
 ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [arm64-darwin23]
 Warming up --------------------------------------
-         nokogiri-md    11.000 i/100ms
-       nokolexbor-md    48.000 i/100ms
-            selma-md    53.000 i/100ms
+         nokogiri-md     8.000 i/100ms
+       nokolexbor-md    43.000 i/100ms
+            selma-md    38.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-md    103.998 (± 5.8%) i/s -      3.113k in  30.029932s
-       nokolexbor-md    428.928 (± 7.9%) i/s -     12.816k in  30.066662s
-            selma-md    492.190 (± 6.9%) i/s -     14.734k in  30.082943s
+         nokogiri-md     85.013 (± 8.2%) i/s -      2.024k in  52.257472s
+       nokolexbor-md    416.074 (±11.1%) i/s -     12.341k in  30.111613s
+            selma-md    361.471 (± 4.7%) i/s -     10.830k in  30.033997s
 Comparison:
-            selma-md:      492.2 i/s
-       nokolexbor-md:      428.9 i/s - same-ish: difference falls within error
-         nokogiri-md:      104.0 i/s - 4.73x  slower
+       nokolexbor-md:      416.1 i/s
+            selma-md:      361.5 i/s - same-ish: difference falls within error
+         nokogiri-md:       85.0 i/s - 4.89x  slower
 input size = 7172510 bytes, 7.17 MB
@@ -297,14 +305,14 @@ Warming up --------------------------------------
        nokolexbor-lg     1.000 i/100ms
             selma-lg     1.000 i/100ms
 Calculating -------------------------------------
-         nokogiri-lg      0.874 (± 0.0%) i/s -     27.000 in  30.921090s
-       nokolexbor-lg      2.227 (± 0.0%) i/s -     67.000 in  30.137903s
-            selma-lg      8.354 (± 0.0%) i/s -    251.000 in  30.075227s
+         nokogiri-lg      0.805 (± 0.0%) i/s -     25.000 in  31.148730s
+       nokolexbor-lg      2.194 (± 0.0%) i/s -     66.000 in  30.278108s
+            selma-lg      5.541 (± 0.0%) i/s -    166.000 in  30.037197s
 Comparison:
-            selma-lg:        8.4 i/s
-       nokolexbor-lg:        2.2 i/s - 3.75x  slower
-         nokogiri-lg:        0.9 i/s - 9.56x  slower
+            selma-lg:        5.5 i/s
+       nokolexbor-lg:        2.2 i/s - 2.53x  slower
+         nokogiri-lg:        0.8 i/s - 6.88x  slower
 </pre>
 </details>
 <!-- prettier-ignore-end -->

data/ext/selma/src/rewriter.rs CHANGED Viewed

@@ -273,10 +273,8 @@ impl SelmaRewriter {
         let binding = self.0.borrow();
         let mut sanitizer_document_content_handlers: Vec<DocumentContentHandlers> = vec![];
-        let mut sanitizer_initial_element_content_handlers: Vec<(
-            Cow<Selector>,
-            ElementContentHandlers,
-        )> = vec![];
+        let mut sanitizer_element_content_handlers: Vec<(Cow<Selector>, ElementContentHandlers)> =
+            vec![];
         match &binding.sanitizer {
             None => (),
@@ -293,7 +291,7 @@ impl SelmaRewriter {
                         Ok(())
                     }));
                 }
-                sanitizer_initial_element_content_handlers.push(element!("*", |el| {
+                sanitizer_element_content_handlers.push(element!("*", |el| {
                     sanitizer.try_remove_element(el);
                     if el.removed() {
                         return Ok(());
@@ -311,7 +309,7 @@ impl SelmaRewriter {
         match Self::perform_handler_rewrite(
             self,
             sanitizer_document_content_handlers,
-            sanitizer_initial_element_content_handlers,
+            sanitizer_element_content_handlers,
             handlers,
             html,
         ) {
@@ -367,7 +365,7 @@ impl SelmaRewriter {
     pub fn perform_handler_rewrite(
         &self,
         sanitizer_document_content_handlers: Vec<DocumentContentHandlers>,
-        sanitizer_initial_element_content_handlers: Vec<(Cow<Selector>, ElementContentHandlers)>,
+        sanitizer_element_content_handlers: Vec<(Cow<Selector>, ElementContentHandlers)>,
         handlers: &[Handler],
         html: String,
     ) -> Result<Vec<u8>, magnus::Error> {
@@ -453,14 +451,25 @@ impl SelmaRewriter {
             }));
         });
-        element_content_handlers.extend(sanitizer_initial_element_content_handlers);
-        Self::run_rewrite(
+        let rewritten_html = Self::run_rewrite(
             self,
             sanitizer_document_content_handlers,
             element_content_handlers,
             html.as_bytes(),
-        )
+        );
+        // sanitization must happen separately, because text chunks
+        // could potentially have rewritten the html. ideally we'd
+        // be able to sanitize around the `process_text_handlers` call
+        match rewritten_html {
+            Ok(rewritten_html) => Self::run_rewrite(
+                self,
+                vec![],
+                sanitizer_element_content_handlers,
+                rewritten_html.as_slice(),
+            ),
+            Err(err) => Err(err),
+        }
     }
     fn run_rewrite(

data/lib/selma/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Selma
-  VERSION = "0.4.0"
+  VERSION = "0.4.1"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selma
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Garen J. Torikian