Add gitignore based on previous svn:ignore props.
[htmlpurifier-web.git] / sucks.xhtml
blobae2c9f4c60c1b8948a948de933a18a82a60a5d24
1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml"
5 xmlns:xi="http://www.w3.org/2001/XInclude"
6 xmlns:xc="urn:xhtml-compiler"
7 xmlns:svn="urn:xhtml-compiler:Subversion"
8 svn:head-url="$HeadURL: svn+ssh://ezyang@htmlpurifier.org/svnroot/htmlpurifier-web/trunk/comparison.xhtml $"
9 svn:revision="$Revision: 1389 $"
10 xc:rss-from-svn="yes"
11 xml:lang="en">
12 <head>
13 <title>HTML Purifier Sucks - HTML Purifier</title>
14 <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
15 <meta name="keywords" content="HTMLPurifier, HTML Purifier, HTML, filter, sucks, devils advocate, evil, bad" />
16 </head>
17 <body>
19 <xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
20 <h1 id="title">HTML Purifier Sucks</h1>
22 <div id="content">
24 <blockquote class="fancy">
25 <div class="quote">
26 ...needless to say, I don't think I'll bother investigating further!
27 </div>
28 <div class="origin">
29 &mdash; Stormrider on <a href="http://www.sitepoint.com/forums/showpost.php?p=3621314&amp;postcount=119">SitePoint Forums</a>
30 </div>
31 </blockquote>
33 <p>
34 Contrary to what <a href="comparison.html">this comparison page</a>
35 suggests, HTML Purifier sucks. It swallows oceans, it drinks blood,
36 and it is more effective than your dust-busting Hoover 3000. Why does it
37 suck? How can we make it un-sucky?
38 </p>
40 <div class="warning">
41 This document is currently under construction.
42 </div>
44 <div id="toc" />
46 <h2>Bloat</h2>
48 <p>
49 As of version 2.1.3, HTML Purifier's library folder contains
50 <strong>164 files</strong> in <strong>30 folders</strong>, weighing
51 at about 696 kilobytes. For comparison, the CodeIgniter
52 web application framework contains 147 files, 29 folders and weighs
53 902 kilobytes.
54 </p>
56 <p>
57 These back-of-a-napkin statistics are very telling about HTML Purifier's
58 internal architecture: object-oriented, one class per file and small
59 components, to the extreme. It also works against HTML Purifier when
60 it comes to the performance department. For most input strings, the
61 memory footprint from this library's source code is higher than the
62 memory used actually processing the HTML (four megabytes,
63 <a href="http://forums.devnetwork.net/viewtopic.php?p=405175#405175">last I checked</a>.)
64 </p>
66 <h2>Performance</h2>
68 <p>
69 HTML Purifier is extremely slow. Various benchmarks have shown HTML
70 Purifier to be an order of a magnitude slower than comparable solutions.
71 </p>
73 <h2>Whitespace</h2>
75 <p>
76 The <a href="http://www.sitepoint.com/forums/showpost.php?p=3621314&amp;postcount=119">Stormrider
77 quote</a> at the very beginning of this document is for one very
78 specific problem: whitespace.
79 </p>
81 <h2>Data-loss</h2>
83 <p>
84 It is trivially easy to nuke the contents of a document by inserting
85 a <code>&lt;/div&gt;</code> tag near the beginning, when DOMLex
86 is being used.
87 </p>
89 </div>
90 </body>
91 </html>