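/// <summary>
/// Runs the generated encoder <c>CssEncode_F</c> on <paramref name="input"/> and reports
/// two specific failures as numeric codes instead of exceptions.
/// </summary>
/// <param name="input">String passed to <c>CssEncode_F.Apply</c>.</param>
/// <param name="output">
/// The encoded string when the return value is 0; <c>null</c> when it is 1 or 2.
/// Callers must check the return code before using this value.
/// </param>
/// <returns>
/// 0 on success; 1 if the exception message is exactly "InvalidSurrogatePairException";
/// 2 if it is exactly "InvalidUnicodeValueException".
/// </returns>
/// <remarks>
/// Failures are classified by exact message text, not by exception type, so an exception
/// with any other message propagates to the caller.
/// </remarks>
int TryGeneratedCssEncode_F(string input, out string output)
{
    try
    {
        output = CssEncode_F.Apply(input);
        return 0;
    }
    catch (Exception e)
    {
        if (e.Message == "InvalidSurrogatePairException")
        {
            output = null;
            return 1;
        }
        else if (e.Message == "InvalidUnicodeValueException")
        {
            output = null;
            return 2;
        }
        else
        {
            // Rethrow with `throw;` rather than `throw e;` so the original stack trace
            // (the frame inside the encoder that failed) is preserved for diagnosis.
            throw;
        }
    }
}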
/// <summary>
/// Times four CSS encoders on the same generated sample set and prints the average
/// time and standard deviation for each: the AntiXss library encoder, and the generated
/// encoders <c>CssEncode</c>, <c>CssEncode_B</c> and <c>CssEncode_F</c>.
/// </summary>
/// <remarks>
/// This is a timing test only. The encoded strings are discarded, so it does not show
/// that the generated encoders produce the same output as the AntiXss encoder; output
/// equivalence has to be established separately before a faster encoder is used in an
/// output-encoding path. The sample set contains only well-formed UTF-16, so the
/// encoders' error paths are not exercised here.
/// </remarks>
public void TestGeneratedCssEncodePerformance()
{
    const int sampleCount = 100;
    const int repetitions = 100;

    CharSetSolver solver = new CharSetSolver(BitWidth.BV16);

    // Strings of at least 100 characters (the pattern's lower bound) ...
    var inputLanguage = solver.Convert("^.{100,}$");
    // ... in which every surrogate occurs as a high/low pair and U+FFFE/U+FFFF do not occur.
    var wellFormedUtf16 = solver.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
    inputLanguage = inputLanguage.Intersect(wellFormedUtf16, solver);

    // NOTE(review): no seed is fixed (the line below was left disabled), so the sample
    // set presumably differs from run to run. Confirm before comparing results across runs.
    //solver.Chooser.RandomSeed = 123;

    // Build the sample set: sampleCount members of the input language.
    List<string> samples = new List<string>();
    for (int k = 0; k < sampleCount; k++)
    {
        samples.Add(solver.GenerateMember(inputLanguage));
    }

    // One entry per repetition, in Environment.TickCount units (milliseconds).
    // NOTE(review): TickCount has coarse resolution; a single pass over the samples may
    // fall below it, so individual entries can be 0. Verify before relying on the figures.
    var antiXssTimes = new List<int>();
    var plainTimes = new List<int>();
    var booleanTimes = new List<int>();
    var fullTimes = new List<int>();

    for (int rep = 0; rep < repetitions; rep++)
    {
        // AntiXss library encoder
        int started = System.Environment.TickCount;
        foreach (string sample in samples)
        {
            System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(sample);
        }
        antiXssTimes.Add(System.Environment.TickCount - started);

        // generated encoder without exploration
        started = System.Environment.TickCount;
        foreach (string sample in samples)
        {
            CssEncode.Apply(sample);
        }
        plainTimes.Add(System.Environment.TickCount - started);

        // generated encoder with Boolean exploration
        started = System.Environment.TickCount;
        foreach (string sample in samples)
        {
            CssEncode_B.Apply(sample);
        }
        booleanTimes.Add(System.Environment.TickCount - started);

        // generated encoder with Full exploration
        started = System.Environment.TickCount;
        foreach (string sample in samples)
        {
            CssEncode_F.Apply(sample);
        }
        fullTimes.Add(System.Environment.TickCount - started);
    }

    // Summarise: average per encoder, then the standard deviations in the same order.
    int antiXssAverage = ComputeAverage(antiXssTimes);
    int plainAverage = ComputeAverage(plainTimes);
    int booleanAverage = ComputeAverage(booleanTimes);
    int fullAverage = ComputeAverage(fullTimes);
    double[] deviations = CombinedStandardDeviation(antiXssTimes, plainTimes, booleanTimes, fullTimes);

    Console.WriteLine(
        "antiXssTime={0}, CssEncodeTime={1}, CssEncodeTime_B={2}, CssEncodeTime_F={3}, stddvAntiXSS={4}, stddvCssEncode={5}, stddvCssEncodeB={6}, stddvCssEncodeF={7}",
        antiXssAverage,
        plainAverage,
        booleanAverage,
        fullAverage,
        deviations[0],
        deviations[1],
        deviations[2],
        deviations[3]);
}