SugarBean->cleanBean performance issue #4181

New issue

Open

opened 2026-02-20 16:14:37 -05:00 by deekerman · 2 comments

deekerman commented 2026-02-20 16:14:37 -05:00

Owner

Copy link

Originally created by @PedroErnst on GitHub (Dec 31, 2019).

The cleanBean function has a negative impact on performance.

Issue

Inside the bean save function cleanBean() is called to remove potentially malicious code. This function will call SugarCleaner::cleanHtml() on every text, html or varchar field on the bean.
The problem lies in that this function creates a new HtmlSanitizer object each time, and the constructor of HtmlSanitizer is badly bloated, executing a lot of things which would probably only need to run once per page load, not dozens of times per save operation.

On some test on my local cleanBean() was taking as much as 80% of the total time spent in the save() function.

Now this would hardly be noticeable in many of the regular CRM interactions, loading a page, a listview, detailview, saving a single record... etc, but there's a few functionalities where it really tanks performance: Importer and Mass Update.

The HtmlSanitizer constructor can probably be refactored to do less things, or converted into a singleton class to avoid being instantiated every time.

Expected Behavior

cleanBean() should be fast, it's essentially string processing.

Actual Behavior

cleanBean() takes an unreasonable amount of time to run.

Possible Fix

Refactor HtmlSanitizer to be singleton class, or make the constructor leaner.

Steps to Reproduce

1. Profile SugarBean->save()

Your Environment

• SuiteCRM Version used: SuiteAssured 2.0.5, SuiteCRM 7.10.22
• Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Any
• Environment name and version (e.g. MySQL, PHP 7): Any
• Operating System and version (e.g Ubuntu 16.04): Any

Originally created by @PedroErnst on GitHub (Dec 31, 2019). <!--- Provide a general summary of the issue in the **Title** above --> <!--- Before you open an issue, please check if a similar issue already exists or has been closed before. ---> <!--- If you have discovered a security risk please report it by emailing security@suitecrm.com. This will be delivered to the product team who handle security issues. Please don't disclose security bugs publicly until they have been handled by the security team. ---> The `cleanBean` function has a negative impact on performance. #### Issue <!--- Provide a more detailed introduction to the issue itself, and why you consider it to be a bug --> <!--- Ensure that all code ``` is surrounded ``` by triple back quotes. This can also be done over multiple lines --> Inside the bean save function `cleanBean()` is called to remove potentially malicious code. This function will call `SugarCleaner::cleanHtml()` on every text, html or varchar field on the bean. The problem lies in that this function creates a new `HtmlSanitizer` object each time, and the constructor of `HtmlSanitizer` is badly bloated, executing a lot of things which would probably only need to run once per page load, not dozens of times per save operation. On some test on my local `cleanBean()` was taking as much as 80% of the total time spent in the `save()` function. Now this would hardly be noticeable in many of the regular CRM interactions, loading a page, a listview, detailview, saving a single record... etc, but there's a few functionalities where it really tanks performance: Importer and Mass Update. The `HtmlSanitizer` constructor can probably be refactored to do less things, or converted into a singleton class to avoid being instantiated every time. #### Expected Behavior <!--- Tell us what should happen --> `cleanBean()` should be **fast**, it's essentially string processing. #### Actual Behavior <!--- Tell us what happens instead --> <!--- Also please check relevant logs (suitecrm.log, php error.log etc.) --> `cleanBean()` takes an unreasonable amount of time to run. #### Possible Fix <!--- Not obligatory, but suggest a fix or reason for the bug --> Refactor `HtmlSanitizer` to be singleton class, or make the constructor leaner. #### Steps to Reproduce <!--- Provide a link to a live example, or an unambiguous set of steps to --> <!--- reproduce this bug include code to reproduce, if relevant --> 1. Profile `SugarBean->save()` #### Your Environment <!--- Include as many relevant details about the environment you experienced the bug in --> * SuiteCRM Version used: SuiteAssured 2.0.5, SuiteCRM 7.10.22 * Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Any * Environment name and version (e.g. MySQL, PHP 7): Any * Operating System and version (e.g Ubuntu 16.04): Any

deekerman added the

Type: Bug

Status:Fix Proposed

Priority:Important

Area: Clean Up: Performance

labels 2026-02-20 16:14:37 -05:00

deekerman commented 2026-02-20 16:14:38 -05:00

Author

Owner

Copy link

@Jason-Dang commented on GitHub (Dec 31, 2019):

This should probably be higher priority as performance should be critical IMO.

@Jason-Dang commented on GitHub (Dec 31, 2019): This should probably be higher priority as performance should be critical IMO.

deekerman commented 2026-02-20 16:14:38 -05:00

Author

Owner

Copy link

@Dillon-Brown commented on GitHub (Dec 31, 2019):

@Jason-Dang I'm thinking we probably need a label specifically for performance, I also didn't like giving this one just "Clean-Up" and "Low Priority".

In terms of the priority labels though, the performance would need to be bad enough that it's timing out / unusable to be worth marking higher. At the moment we have roughly 15 high priority blockers with limited or no-workaround that need to be tackled first before we can even start thinking about performance bugs imo.

@Dillon-Brown commented on GitHub (Dec 31, 2019): @Jason-Dang I'm thinking we probably need a label specifically for performance, I also didn't like giving this one just "Clean-Up" and "Low Priority". In terms of the priority labels though, the performance would need to be bad enough that it's timing out / unusable to be worth marking higher. At the moment we have roughly [15](https://github.com/salesagility/SuiteCRM/issues?q=is%3Aopen+is%3Aissue+label%3A%22High+Priority%22) high priority blockers with limited or no-workaround that need to be tackled first before we can even start thinking about performance bugs imo.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

hotfix

develop

master

feature/php-8.4-compatibility

hotfix-7.14.x

next

feature/campaigns_revert

v7.15.0

v7.14.8

v7.14.7

v7.14.6

v7.14.5

v7.14.4

v7.14.3

v7.12.14

v7.14.2

v7.14.1

v7.12.13

v7.14.0

v7.14.0-beta

v7.13.4

v7.12.12

v7.12.11

v7.13.3

v7.12.10

v7.13.2

v7.12.9

v7.13.1

v7.13.0

v7.13.0-beta

v7.12.8

v7.12.7

v7.12.6

v7.12.5

v7.12.4

v7.12.3

v7.10.36

v7.12.2

v7.10.35

v7.12.1

v7.10.34

v7.11.23

v7.12.0

v7.12-rc

v7.11.22

v7.10.33

v7.11.21

v7.10.32

v7.11.20

v7.10.31

v7.11.19

v7.10.30

v8.0.0-beta.1

v7.10.29

v7.11.18

v7.11.17

v7.11.16

v7.10.28

v7.11.15

v7.10.27

v7.11.14

v7.10.26

v7.11.13

v7.10.25

v7.11.12

v7.10.24

v7.10.23

v7.11.11

v7.10.22

v7.11.10

v7.10.21

v7.11.9

v7.11.8

v7.10.20

v7.11.7

v7.10.19

v7.8.31

v7.10.18

v7.11.6

v7.11.5

v7.10.17

v7.8.30

v7.11.4

v7.10.16

v7.8.29

v7.11.3

v7.10.15

v7.8.28

v7.11.2

v7.10.14

v7.8.27

v7.11.1

v7.8.26

v7.10.13

v7.11.0

v7.10.12

v7.8.25

v7.11-rc-2

v7.11-rc

v7.10.11

v7.8.24

v7.11-beta

v7.10.10

v7.8.23

v7.10.9

v7.8.22

v7.10.8

v7.8.21

v7.10.7

v7.10.6

v7.8.20

v7.10.5

v7.8.19

v7.10.4

v7.10.3

v7.9.17

v7.8.18

v7.8.17

v7.10.2

v7.9.16

v7.8.16

7.9.15

v7.10.1

v7.10.0

v7.9.14

v7.8.15

v7.8.14

v7.9.13

v7.10-RC-2

v7.8.13

v7.9.12

v.7.9.11

v7.9.11

v7.8.12

v7.9.10

v7.8.11

v7.10-RC

v7.9.9

v7.8.10

v7.10-beta-3

v7.9.8

v7.8.9

v7.10-beta-2

v7.10-beta

v7.9.7

v7.8.8

v7.8.7

7.9.6

v7.9.5

v7.8.6

v7.9.4

v7.9.3

v7.9.2

v7.9.1

v7.8.5

v7.9.0

v7.8.4

v7.9.0-rc

v7.9.0-beta

v7.8.3

v7.8.2

v7.8.1

v7.8.0

v7.8.0-rc

v7.8.0-beta.2

v7.7.9

v7.8.0-beta

v7.7.8

v7.6.10

v7.7.7

v7.6.9

v7.7.6

v7.6.8

v7.7.5

v7.6.7

v7.7.4

v7.7.3

v7.7.2

v7.7.1

v7.7

v7.7-rc2

v7.7-rc

v7.6.6

v7.5.5

v7.6.5

v7.5.4

v7.7-beta2

v7.7-beta1

v7.6.4

v7.6.3

v7.6.2

v7.6.1

v7.6

v7.6-rc

v7.6-beta.2

v7.6-beta-1

v7.5.3

v7.5.2

v7.5.1

v7.5

v7.5-rc

v7.5-beta.2

v7.5-beta

v7.4.3

v7.4.2

v7.4.1

v7.4

v7.3.2

v7.4-rc

v7.4-beta.2

v7.4-beta

v7.3.1

v7.2.4

v7.3

v7.1.8

v7.3beta3

v7.2.3

v7.3-beta

v7.2.2

7.2.2

v7.1.7

7.1.7

v7.1.6

v7.2.1

v7.2

v7.2beta3

v7.1.5

v7.2beta2

v7.2beta

v7.1.4

v7.1.3

v7.1.2

v7.1.1

v7.1

v7.1RC2

v7.1RC

v7.1beta2

v7.1beta

v7.0.2

v7.0.1

Labels

Clear labels   

Area: API

  

Area: Campaigns

  

Area: Cases

  

Area: Clean Up

  

Area: Clean Up: Performance

  

Area: Dashlets

  

Area: Databases

  

Area: Developer Tools

  

Area: Elasticsearch

  

Area: Elasticsearch

  

Area: Emails

  

Area: Emails:Campaigns

  

Area: Emails:Cases

  

Area: Emails:Compose

  

Area: Emails:Config

  

Area: Emails:Templates

  

Area: Environment

  

Area: Installation

  

Area: Language

  

Area: Mobile

  

Area: Module

  

Area: PDFs

  

Area: PHP8

  

Area: Reports

  

Area: Studio

  

Area: Styling

  

Area: Upgrading

  

Area: Workflow

  

Area:Activity Stream

  

Area:Calls

  

Area:Import

  

Area:Projects

  

Area:Search

  

Area:Surveys

  

Area:Themes

  

Area:Users

  

Branch:Hotfix

  

Good First Issue

  

Hacktoberfest

  

Help Wanted

  

PR:Community Contribution

  

PR:Type:Enhancement

  

Priority:Critical

  

Priority:Important

  

Priority:Moderate

  

Severity: Major

  

Severity: Minor

  

Severity: Moderate

  

Status: Requires Code Review

  

Status: Requires Updates

  

Status: Stale

  

Status: Team Investigating

  

Status:Assessed

  

Status:Fix Proposed

  

Status:Needs Assessed

  

Status:Requires Automated Tests

  

Type: Bug

  

Type:Deprecated

  

Type:Discussion

  

Type:Duplicate

  

Type:Invalid

  

Type:Question

  

Type:Suggestion

  

Type:Suggestion

No labels

Area: API

Area: Campaigns

Area: Cases

Area: Clean Up

Area: Clean Up: Performance

Area: Dashlets

Area: Databases

Area: Developer Tools

Area: Elasticsearch

Area: Elasticsearch

Area: Emails

Area: Emails:Campaigns

Area: Emails:Cases

Area: Emails:Compose

Area: Emails:Config

Area: Emails:Templates

Area: Environment

Area: Installation

Area: Language

Area: Mobile

Area: Module

Area: PDFs

Area: PHP8

Area: Reports

Area: Studio

Area: Styling

Area: Upgrading

Area: Workflow

Area:Activity Stream

Area:Calls

Area:Import

Area:Projects

Area:Search

Area:Surveys

Area:Themes

Area:Users

Branch:Hotfix

Good First Issue

Hacktoberfest

Help Wanted

PR:Community Contribution

PR:Type:Enhancement

Priority:Critical

Priority:Important

Priority:Moderate

Severity: Major

Severity: Minor

Severity: Moderate

Status: Requires Code Review

Status: Requires Updates

Status: Stale

Status: Team Investigating

Status:Assessed

Status:Fix Proposed

Status:Needs Assessed

Status:Requires Automated Tests

Type: Bug

Type:Deprecated

Type:Discussion

Type:Duplicate

Type:Invalid

Type:Question

Type:Suggestion

Type:Suggestion

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/SuiteCRM-SuiteCRM#4181

No description provided.