Hi devs, I have a very bad news... Working on bug 15715, I have found that the patchset introduced by bug 13618 (Prevent XSS in the Staff Client and the OPAC) causes a very important performance issue. Indeed, for each variable displayed in the template, a Template::Stash::AutoEscaping->get method is called. To try and understand the problem, I have put the following snippet in the mainpage.pl script: +my @loop; +for my $i ( 0 .. 10000 ) { + push @loop, { + foo => 'my foo', + bar => 'my bar', + }; +} +$template->param( loop => \@loop ); and then, in the template +[% FOR l IN loop %] + [% l.foo %] [% l.bar %] + <br/> +[% END %] It will display 10k foo and 10k bar There are indeed 20k (+ delta) calls to the Template::Stash::AutoEscaping method, as expected. But the load of the page increases from 2sec to 10sec (no plack, measured with Firebug > network tab) On catalogue/search.pl, 1800 calls, from 6sec to 6.5s On authorities/authorities.pl?breedingid=186&authtypecode=CORPO_NAME&authid=0 (From bug 15715), 64k calls (!!!) from ~10sec to ~4min On cataloguing/addbiblio.pl?biblionumber=1, 13k calls, from 3sec to 9sec Do not take these measures too strictly, but they give an idea of the issue... So I don't see a lot of methods to fix that: 1/ Revert and abandon 13618 2/ Understand how it's possible to have 60k calls to display a form and try to improve these areas 3/ Profile Template::Stash::AutoEscaping to know if we cannot optimise what it does 4/ Any brilliant ideas? Jonathan https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15715 https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618