-
Notifications
You must be signed in to change notification settings - Fork 1.1k
HtmlEscapeValue shouldn't create dom elements #1843
Comments
Making this change will affect the end result of some special html encoded entities by turning them into numbers. |
Phew, well. First of all thank you reporting and getting in touch. Although I get your point, I have a problem of parsing with a regex HTML code for some critical steps like escaping.
While we talking, you can test yourself if this working using a custom strategy using the corresponding provider: https://angular-translate.github.io/docs/#/api/pascalprecht.translate.$translateSanitizationProvider |
Thanks for the quick reply, Jan. Do you have a way of testing a "complete suite running in different environments"? I assume by different environments you mean browsers, correct? I would be happy to test this out - is there a list of supported browsers somewhere? This will convert all unicode chars with a charcode of 0000-9999. I believe this should cover well over the html characters. I'll play around with the trnaslateSanitizationProvider and let you know if I need help. |
@eliranek1 Different environments are browsers in our case, effectively, yes. We have no explicit list of browsers, but have very moderate support which is also caused by the supported AngularJS versions. Regarding the actual performance, something like https://www.measurethat.net But both depends on the input. |
I created a quick perf test on measurethat.net please check out the results in the meantime. Looks to be almost 4x faster: |
The results above were from chrome 66. Edge 41: Firefox 59: IE11: |
@knalli I'm not quite sure what you want me to do with the translateSanitizationProvider. Can you please provide a little more detail? I created a test app that does two things:
I have attached this test app for your review. |
@eliranek1 This allows you adding custom strategies for escaping. A example is in my showcase. |
Please provide demos in a fully working manner, we have already blueprints for this:
|
And thank you for the perf demos already. As I said already, I'm still unsure about the coverage of all bad input. I simply not trust the pattern yet, needs more time for this. ;) |
var htmlEscapeValue = function (value) {
if (value == null) {
return null;
}
return value.replace(/&/g, "&")
.replace(/"/g, """)
.replace(/</g, "<")
.replace(/>/g, ">");
}; it is only needed to escape 4 characters, well double quote is only needs to be escaped in attributes. |
Subject of the issue
htmlEscapeValue creates elements in order to html encode a value. This is a hack that we can work around as it bloats blink_gc memory and is less performant.
Your environment
2.8.1
1.5.5
Chrome 65
Steps to reproduce
Expected behaviour
No extra dom elements should get created
Actual behaviour
It creates a div.
###Proposed Change###
var regex = /[\u00A0-\u9999<>&]/gim;
var htmlEscapeValue = function (value) {
return value.replace(regex, ['&#', "$&".charCodeAt(0),';'].join(''));
};
Related SO question:
https://stackoverflow.com/questions/18749591/encode-html-entities-in-javascript
###Impact###
Perf:
Running through 14k different strings to get translated takes about 145ms on baseline, with the proposed fix it goes down to 30ms.
Memory:
Running about 1500 translations on our app showed a decrease of about 5MB in private bytes. 2.2MB of which were from blink_gc which is Chromes dom element allocator.
The text was updated successfully, but these errors were encountered: