also known as the HELP ME LIBRARY IS TOO SLOW MY PAGE TAKE TOO LONG LOAD page

HTMLPurifier is a very powerful library. But with power comes great
responsibility, or, at least, longer execution times. Remember, this
library isn't lightly grazing over submitted HTML: it's deconstructing
the whole thing, rigorously checking the parts, and then putting it

So, if it so turns out that HTMLPurifier is kinda too slow for outbound
filtering, you've got a few options:

1. Inbound filtering - perform filtering of HTML when it's submitted by the
user. Since the user is already submitting something, an extra half a
second tacked on to the load time probably isn't going to be that huge of
a problem. Then, displaying the content is a simple matter of outputting
it directly from your database/filesystem. The trouble with this method is
that your user loses the original text, and when doing edits, will be
handling the filtered text. While this may be a good thing, especially if
you're using a WYSIWYG editor, it can also result in data-loss if a user
expects a certain to be available but it isn't.

2. Caching the filtered output - accept the submitted text and put it
unaltered into the database, but then also generate a filtered version and
stash that in the database. Serve the filtered version to readers, and the
unaltered version to editors. If need be, you can invalidate the cache and
have the cached filtered version be regenerated on the first page view. Pros?
Full data retention. Cons? It's more complicated, and opens other editors
up to XSS if they are using a WYSIWYG editor (to fix that, they'd have to
be able to get their hands on the *really* original text served in plaintext

In short, inbound filtering is almost as simple as outbound filtering, but
it has some drawbacks which cannot be fixed unless you save both the original
and the filtered versions.
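
A sketch of option 2, added here as an example and not taken from HTMLPurifier itself: the original and filtered text are stored side by side, readers get the cached filtered copy (regenerated on first view when stale), and editors get the original escaped as plain text. The table, column and function names, the FILTER_REV counter and the include path are assumptions.

```php
<?php
// Added example: schema, function names and FILTER_REV are assumptions.
require_once 'HTMLPurifier.auto.php'; // adjust to where the library is installed
const FILTER_REV = 1; // bump to invalidate every cached filtered copy

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (
    id INTEGER PRIMARY KEY,
    body_raw TEXT NOT NULL,   -- exactly what the user submitted
    body_filtered TEXT,       -- cached purifier output
    filter_rev INTEGER)');
$purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());

function save_post(PDO $db, HTMLPurifier $p, string $raw): int {
    $st = $db->prepare(
        'INSERT INTO posts (body_raw, body_filtered, filter_rev) VALUES (?, ?, ?)');
    $st->execute([$raw, $p->purify($raw), FILTER_REV]);
    return (int) $db->lastInsertId();
}

// Readers: serve the cached copy; re-purify on first view if it is stale.
function html_for_reader(PDO $db, HTMLPurifier $p, int $id): string {
    $st = $db->prepare(
        'SELECT body_raw, body_filtered, filter_rev FROM posts WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { throw new RuntimeException('no such post'); }
    if ($row['body_filtered'] === null || (int) $row['filter_rev'] !== FILTER_REV) {
        $row['body_filtered'] = $p->purify($row['body_raw']);
        $up = $db->prepare(
            'UPDATE posts SET body_filtered = ?, filter_rev = ? WHERE id = ?');
        $up->execute([$row['body_filtered'], FILTER_REV, $id]);
    }
    return $row['body_filtered'];
}

// Editors: the unaltered text, escaped so the browser shows it as text
// and never parses another author's markup or script.
function textarea_for_editor(PDO $db, int $id): string {
    $st = $db->prepare('SELECT body_raw FROM posts WHERE id = ?');
    $st->execute([$id]);
    $raw = $st->fetchColumn();
    if ($raw === false) { throw new RuntimeException('no such post'); }
    return '<textarea name="body">'
        . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . '</textarea>';
}

$id = save_post($db, $purifier, '<p onclick="x()">Hello <b>world</b></p>'); // constructed sample
echo html_for_reader($db, $purifier, $id), "\n", textarea_for_editor($db, $id), "\n";
```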

There is a third option: profile and optimize HTMLPurifier yourself. Be sure
to tell me if you decide to do that! ;-)