🎉 feat: sanitize

Author: SaltyAom

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 0.1.0 - 5 Feb 2025
+Feature:
+- replace `arrayItems.join('",\"')` in favour of inline `joinStringArray` to improve performance
+- add `sanitize` option for handling unsafe character
+	- new behavior is `sanitize`, previously is equivalent to `manual`
+- support inline a literal value
+
 # 0.0.2 - 4 Feb 2025
 Feature:
 - support integer, bigint, date, datetime

README.md

@@ -5,16 +5,16 @@ Accelerate JSON stringification by providing OpenAPI/TypeBox model.
 By providing model ahead of time, the library will generate a function that will serialize the object into a JSON string.
 
 ```
-$ npx tsx benchmarks/medium.ts
+$ npx tsx benchmarks/medium-manual.ts
 
 clk: ~3.02 GHz
 cpu: Apple M1 Max
 runtime: node 22.6.0 (arm64-darwin)
 
 summary
   JSON Accelerator
-   1.8x faster than JSON Stingify
-   2.15x faster than Fast Json Stringify
+   2.12x faster than JSON Stingify
+   2.66x faster than Fast Json Stringify
 ```
 
 ## Installation
@@ -52,7 +52,7 @@ console.log(encode(value)) // {"id":0,"name":"saltyaom"}
 
 ## Caveat
 
-This library **WILL NOT** check for the validity of the schema, it is expected that the schema is **always** correct.
+This library **WILL NOT** check for the type validity of the schema, it is expected that the schema is **always** correct.
 
 This can be achieved by checking the input validity with TypeBox before passing it to the accelerator.
 
@@ -78,3 +78,62 @@ if (guard.Check(value)) encode(value)
 ```
 
 If the shape is incorrect, the output will try to corece the value into an expected model but if failed the error will be thrown.
+
+## Options
+
+This section is used to configure the behavior of the encoder.
+
+`Options` can be passed as a second argument to `createAccelerator`.
+
+```ts
+createAccelerator(shape, {
+	unsafe: 'throw'
+})
+```
+
+## Unsafe
+
+If unsafe character is found, how should the encoder handle it?
+
+This value only applied to string field.
+
+- `'auto'`: Sanitize the string and continue encoding
+- `'manual'`: Ignore the unsafe character, this implied that end user should specify fields that should be sanitized manually
+- `'throw'`: Throw an error
+
+The default behavior is `auto`.
+
+### format sanitize
+
+Since this library is designed for a controlled environment (eg. Restful API), most fields are controlled by end user which doesn't include unsafe characters for JSON encoding.
+
+We can improve performance by specifying a `sanitize: 'manual'` and provide a field that should be sanitized manually.
+
+We can add `sanitize: true` to a schema which is an uncontrolled field submit by user that might contains unsafe characters.
+
+When a field is marked as `sanitize`, the encoder will sanitize the string and continue encoding regardless of the `unsafe` configuration.
+
+```ts
+import { Type as t } from '@sinclair/typebox'
+import { createAccelerator } from 'json-accelerator'
+
+const shape = t.Object({
+	name: t.String(),
+	id: t.Number(),
+	unknown: t.String({ sanitize: true })
+})
+
+const value = {
+	id: 0,
+	name: 'saltyaom',
+	unknown: `hello\nworld`
+} satisfies typeof shape.static
+
+const encode = createAccelerator(shape, {
+	sanitize: 'manual'
+})
+
+console.log(encode(value)) // {"id":0,"name":"saltyaom","unknown":"hello\\nworld"}
+```
+
+This allows us to speed up a hardcode

benchmarks/large-manual.ts

@@ -0,0 +1,175 @@
+/**
+ * *-manual.ts is where end user specifiy which fields should be sanitized manually
+ **/
+
+import { t } from 'elysia'
+import { benchmark } from './utils'
+
+benchmark(
+	t.Array(
+		t.Object({
+			id: t.Number(),
+			name: t.String(),
+			bio: t.String({
+				sanitize: true
+			}),
+			user: t.Object({
+				name: t.String(),
+				password: t.String(),
+				email: t.Optional(t.String({ format: 'email' })),
+				age: t.Optional(t.Number()),
+				avatar: t.Optional(t.String({ format: 'uri' })),
+				cover: t.Optional(t.String({ format: 'uri' }))
+			}),
+			playing: t.Optional(t.String()),
+			wishlist: t.Optional(t.Array(t.Number())),
+			games: t.Array(
+				t.Object({
+					id: t.Number(),
+					name: t.String(),
+					hoursPlay: t.Optional(t.Number({ default: 0 })),
+					tags: t.Array(
+						t.Object({
+							name: t.String(),
+							count: t.Number()
+						})
+					)
+				})
+			),
+			metadata: t.Intersect([
+				t.Object({
+					alias: t.String()
+				}),
+				t.Object({
+					country: t.Nullable(t.String()),
+					region: t.Optional(t.String())
+				})
+			]),
+			social: t.Optional(
+				t.Object({
+					facebook: t.Optional(t.String()),
+					twitter: t.Optional(t.String()),
+					youtube: t.Optional(t.String())
+				})
+			)
+		})
+	),
+	[
+		{
+			id: 1,
+			name: 'SaltyAom',
+			bio: 'I like train\n',
+			user: {
+				name: 'SaltyAom',
+				password: '123456',
+				avatar: 'https://avatars.githubusercontent.com/u/35027979?v=4',
+				cover: 'https://saltyaom.com/cosplay/pekomama.webp'
+			},
+			playing: 'Strinova',
+			wishlist: [4_154_456, 2_345_345],
+			games: [
+				{
+					id: 4_154_456,
+					name: 'MiSide',
+					hoursPlay: 17,
+					tags: [
+						{ name: 'Psychological Horror', count: 236_432 },
+						{ name: 'Cute', count: 495_439 },
+						{ name: 'Dating Sim', count: 395_532 }
+					]
+				},
+				{
+					id: 4_356_345,
+					name: 'Strinova',
+					hoursPlay: 365,
+					tags: [
+						{ name: 'Free to Play', count: 205_593 },
+						{ name: 'Anime', count: 504_304 },
+						{ name: 'Third-Person Shooter', count: 395_532 }
+					]
+				},
+				{
+					id: 2_345_345,
+					name: "Tom Clancy's Rainbow Six Siege",
+					hoursPlay: 287,
+					tags: [
+						{ name: 'FPS', count: 855_324 },
+						{ name: 'Multiplayer', count: 456_567 },
+						{ name: 'Tactical', count: 544_467 }
+					]
+				}
+			],
+			metadata: {
+				alias: 'SaltyAom',
+				country: 'Thailand',
+				region: 'Asia'
+			},
+			social: {
+				twitter: 'SaltyAom'
+			}
+		},
+		{
+			id: 2,
+			name: 'VLost',
+			bio: 'ไม่พี่คืองี้\n',
+			user: {
+				name: 'nattapon_kub',
+				password: '123456'
+			},
+			games: [
+				{
+					id: 4_154_456,
+					name: 'MiSide',
+					hoursPlay: 17,
+					tags: [
+						{ name: 'Psychological Horror', count: 236_432 },
+						{ name: 'Cute', count: 495_439 },
+						{ name: 'Dating Sim', count: 395_532 }
+					]
+				},
+				{
+					id: 4_356_345,
+					name: 'Strinova',
+					hoursPlay: 365,
+					tags: [
+						{ name: 'Free to Play', count: 205_593 },
+						{ name: 'Anime', count: 504_304 },
+						{ name: 'Third-Person Shooter', count: 395_532 }
+					]
+				}
+			],
+			metadata: {
+				alias: 'vlost',
+				country: 'Thailand'
+			}
+		},
+		{
+			id: 2,
+			name: 'eika',
+			bio: 'こんにちわ！',
+			user: {
+				name: 'ei_ka',
+				password: '123456'
+			},
+			games: [
+				{
+					id: 4_356_345,
+					name: 'Strinova',
+					hoursPlay: 365,
+					tags: [
+						{ name: 'Free to Play', count: 205_593 },
+						{ name: 'Anime', count: 504_304 },
+						{ name: 'Third-Person Shooter', count: 395_532 }
+					]
+				}
+			],
+			metadata: {
+				alias: 'eika',
+				country: 'Japan'
+			}
+		}
+	],
+	{
+		sanitize: 'manual'
+	}
+)

benchmarks/medium-manual.ts

@@ -0,0 +1,79 @@
+/**
+ * *-manual.ts is where end user specifiy which fields should be sanitized manually
+ **/
+
+import { t } from 'elysia'
+import { benchmark } from './utils'
+
+benchmark(
+	t.Object({
+		id: t.Number(),
+		name: t.Literal('SaltyAom'),
+		bio: t.String({
+			sanitize: true
+		}),
+		user: t.Object({
+			name: t.String(),
+			password: t.String()
+		}),
+		playing: t.Optional(t.String()),
+		games: t.Array(
+			t.Object({
+				name: t.String(),
+				hoursPlay: t.Number({ default: 0 }),
+				tags: t.Array(t.String())
+			})
+		),
+		metadata: t.Intersect([
+			t.Object({
+				alias: t.String()
+			}),
+			t.Object({
+				country: t.Nullable(t.String())
+			})
+		]),
+		social: t.Optional(
+			t.Object({
+				facebook: t.Optional(t.String()),
+				twitter: t.Optional(t.String()),
+				youtube: t.Optional(t.String())
+			})
+		)
+	}),
+	{
+		id: 1,
+		name: 'SaltyAom',
+		bio: 'I like train\n',
+		user: {
+			name: 'SaltyAom',
+			password: '123456'
+		},
+		games: [
+			{
+				name: 'MiSide',
+				hoursPlay: 17,
+				tags: ['Psychological Horror', 'Cute', 'Dating Sim']
+			},
+			{
+				name: 'Strinova',
+				hoursPlay: 365,
+				tags: ['Free to Play', 'Anime', 'Third-Person Shooter']
+			},
+			{
+				name: "Tom Clancy's Rainbow Six Siege",
+				hoursPlay: 287,
+				tags: ['FPS', 'Multiplayer', 'Tactical']
+			}
+		],
+		metadata: {
+			alias: 'SaltyAom',
+			country: 'Thailand'
+		},
+		social: {
+			twitter: 'SaltyAom'
+		}
+	},
+	{
+		sanitize: 'manual'
+	}
+)

benchmarks/medium.ts

@@ -5,7 +5,9 @@ benchmark(
 	t.Object({
 		id: t.Number(),
 		name: t.Literal('SaltyAom'),
-		bio: t.String(),
+		bio: t.String({
+			sanitize: true
+		}),
 		user: t.Object({
 			name: t.String(),
 			password: t.String()
@@ -37,7 +39,7 @@ benchmark(
 	{
 		id: 1,
 		name: 'SaltyAom',
-		bio: 'I like train',
+		bio: 'I like train\nhere',
 		user: {
 			name: 'SaltyAom',
 			password: '123456'

benchmarks/quote.ts

@@ -0,0 +1,15 @@
+import { t } from 'elysia'
+import { benchmark } from './utils'
+
+benchmark(
+	t.Object({
+		id: t.String({
+			format: 'input'
+		}),
+		name: t.String()
+	}),
+	{
+		id: '\n',
+		name: 'SaltyAom'
+	}
+)