Update xhtml-compiler to note have infinite loop with update.php force.
[htmlpurifier-web.git] / sucks.xhtml
blob2d8c3eaa483652b26a307677ce56309adf66a4bf
1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
4 <html xmlns="http://www.w3.org/1999/xhtml"
5 xmlns:xi="http://www.w3.org/2001/XInclude"
6 xmlns:xc="urn:xhtml-compiler"
7 xml:lang="en">
8 <head>
9 <title>HTML Purifier Sucks - HTML Purifier</title>
10 <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
11 <meta name="keywords" content="HTMLPurifier, HTML Purifier, HTML, filter, sucks, devils advocate, evil, bad" />
12 </head>
13 <body>
15 <xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
16 <h1 id="title">HTML Purifier Sucks</h1>
18 <div id="content">
20 <blockquote class="fancy">
21 <div class="quote">
22 ...needless to say, I don't think I'll bother investigating further!
23 </div>
24 <div class="origin">
25 &mdash; Stormrider on <a href="http://www.sitepoint.com/forums/showpost.php?p=3621314&amp;postcount=119">SitePoint Forums</a>
26 </div>
27 </blockquote>
29 <p>
30 Contrary to what <a href="comparison.html">this comparison page</a>
31 suggests, HTML Purifier sucks. It swallows oceans, it drinks blood,
32 and it is more effective than your dust-busting Hoover 3000. Why does it
33 suck? How can we make it un-sucky?
34 </p>
36 <div class="warning">
37 This document is currently under construction.
38 </div>
40 <div id="toc" />
42 <h2>Bloat</h2>
44 <p>
45 As of version 2.1.3, HTML Purifier's library folder contains
46 <strong>164 files</strong> in <strong>30 folders</strong>, weighing
47 at about 696 kilobytes. For comparison, the CodeIgniter
48 web application framework contains 147 files, 29 folders and weighs
49 902 kilobytes.
50 </p>
52 <p>
53 These back-of-a-napkin statistics are very telling about HTML Purifier's
54 internal architecture: object-oriented, one class per file and small
55 components, to the extreme. It also works against HTML Purifier when
56 it comes to the performance department. For most input strings, the
57 memory footprint from this library's source code is higher than the
58 memory used actually processing the HTML (four megabytes,
59 <a href="http://forums.devnetwork.net/viewtopic.php?p=405175#405175">last I checked</a>.)
60 </p>
62 <h2>Performance</h2>
64 <p>
65 HTML Purifier is extremely slow. Various benchmarks have shown HTML
66 Purifier to be an order of a magnitude slower than comparable solutions.
67 </p>
69 <h2>Whitespace</h2>
71 <p>
72 The <a href="http://www.sitepoint.com/forums/showpost.php?p=3621314&amp;postcount=119">Stormrider
73 quote</a> at the very beginning of this document is for one very
74 specific problem: whitespace.
75 </p>
77 <h2>Data-loss</h2>
79 <p>
80 It is trivially easy to nuke the contents of a document by inserting
81 a <code>&lt;/div&gt;</code> tag near the beginning, when DOMLex
82 is being used.
83 </p>
85 </div>
86 </body>
87 </html>