Optimize CGI.escapeHTML for ASCII-compatible encodings #1164

k0kubun · 2015-12-20T10:45:09Z

As commented in #156 (comment), I rewrote CGI.escapeHTML in C, which is used by ERB::Util#html_escape.
Since escaping HTML is expensive in rendering a template, I want it to be faster.
For now, I optimized it only for strings whose encoding is ASCII-compatible.

With this benchmark https://gist.github.com/k0kubun/b6af6062bc876190e280, it's about 7 times faster than original implementation in escaping html.

$ ruby bench_escape_html.rb
Calculating -------------------------------------
              before    11.448k i/100ms
               after    31.189k i/100ms
-------------------------------------------------
              before    216.403k (± 7.0%) i/s -      2.152M
               after      1.637M (±10.0%) i/s -     16.125M

Comparison:
               after:  1637408.5 i/s
              before:   216403.5 i/s - 7.57x slower

nobu · 2015-12-20T11:07:36Z

ext/cgi/escape/escape.c

this function returns no values.

Thank you. Fixed in k0kubun@39cdd83.

nobu · 2015-12-20T11:17:40Z

ext/cgi/escape/escape.c

the encoding of str is ignored and dest is always ASCII-8BIT.

I changed it to associate original encoding and added test case for it in k0kubun@2162835.

knu · 2015-12-24T14:39:42Z

How much is the final performance gain after fixing the return value not being duped when no replacement takes place?

k0kubun · 2015-12-24T15:46:04Z

You can check performance gain with this benchmark https://gist.github.com/k0kubun/8e1c7efb1e29991e1382.

This is the result of ruby compiled from latest revision b58b970.

$ ruby bench_escape.rb "'&\"<>"
Escape: '&"<>
Calculating -------------------------------------
              before    15.457k i/100ms
               after    63.931k i/100ms
-------------------------------------------------
              before    199.975k (± 5.1%) i/s -      1.005M
               after      1.453M (± 5.8%) i/s -      7.288M

Comparison:
               after:  1453098.6 i/s
              before:   199974.8 i/s - 7.27x slower

$ ruby bench_escape.rb "hello world"
Escape: hello world
Calculating -------------------------------------
              before    56.973k i/100ms
               after   100.344k i/100ms
-------------------------------------------------
              before      1.474M (± 6.1%) i/s -      7.350M
               after      4.419M (± 7.3%) i/s -     21.975M

Comparison:
               after:  4419281.2 i/s
              before:  1473860.3 i/s - 3.00x slower

knu · 2015-12-24T16:33:21Z

Thanks. So, the new implementation is 3x faster even in the worst cases. Great job!

* cgi/escape/escape.c: Optimize CGI.escapeHTML for ASCII-compatible encodings. [Fix rubyGH-1164] git-svn-id: svn+ssh://svn.ruby-lang.org/ruby/trunk@53220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

See ruby/ruby#1164

Optimize CGI.escapeHTML for ASCII-compatible encodings

a739e46

nobu reviewed Dec 20, 2015
View reviewed changes

Fix return value's type of html_escaped_cat

39cdd83

nobu reviewed Dec 20, 2015
View reviewed changes

k0kubun added 2 commits December 20, 2015 11:21

Remove an unused variable

87a0be2

Fix encoding of modified return value

2162835

k0kubun force-pushed the c-escape-html branch from 419f087 to 2162835 Compare December 20, 2015 11:30

nobu closed this in ce7f7f5 Dec 20, 2015

k0kubun deleted the c-escape-html branch December 20, 2015 11:56

This was referenced Dec 21, 2015

Use CGI.escapeHTML for html escape rails/rails#22722

Merged

Preserve original state for tainted and frozen #1166

Closed

floehopper mentioned this pull request Feb 16, 2016

Update to Smart Answers to use Ruby version 2.3 alphagov/smart-answers#2269

Closed

skunkworker mentioned this pull request Feb 18, 2016

Add support for Ruby 2.3 native CGI.escapeHTML. judofyr/temple#97

Closed

floehopper mentioned this pull request Mar 9, 2016

Upgrade from Ruby v2.2.4 to v2.3.0 alphagov/smart-answers#2345

Merged

headius mentioned this pull request Apr 20, 2016

Remaining 2.3 checklist items not in JRuby 9.1 jruby/jruby#3816

Open

23 tasks

k0kubun mentioned this pull request Feb 8, 2017

Proposal: Simplify HTML escaping haml/haml#901

Closed

k0kubun added a commit to k0kubun/haml that referenced this pull request Feb 8, 2017

Optimize HTML escape using ERB::Util.html_escape

9911547

See ruby/ruby#1164

k0kubun mentioned this pull request Feb 26, 2017

Use ERB::Util.h instead of gsub for HTML escape jeremyevans/erubi#4

Merged

k0kubun mentioned this pull request Feb 19, 2021

HAML+Rails can lead to doubly escaped attributes haml/haml#1051

Closed

JunichiIto mentioned this pull request Jul 22, 2023

Delegate Rack::Utils.escape_html to CGI.escapeHTML rack/rack#2099

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Optimize CGI.escapeHTML for ASCII-compatible encodings #1164

Optimize CGI.escapeHTML for ASCII-compatible encodings #1164

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Optimize CGI.escapeHTML for ASCII-compatible encodings #1164

Optimize CGI.escapeHTML for ASCII-compatible encodings #1164

Uh oh!

Conversation

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants