- From: Adam Rice <notifications@github.com>
- Date: Wed, 30 Apr 2025 02:26:52 -0700
- To: whatwg/encoding <encoding@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/encoding/issues/344/2841359440@github.com>
ricea left a comment (whatwg/encoding#344) > it's not clear how developers sure that a SAB cannot have concurrent access and is safe to use, can use these APIs If we could trust the developer it would be fine for them to say "I promise you have exclusive access to this range of this SaB". But some developers are malicious, and would like to exploit any sensitivity our text codecs have to concurrent modification of the input or output. > If I don't use these primitives or I create manually a typed array and then set it into the SharedArrayBuffer it works but that means duplicated RAM which is not an option on constrained devices when the serialized data could contain also blobs or buffers that will grow twice as much and requires GC to kick in before the memory can be used again. In practice browsers have to deal with the input or output being in a SharedArrayBuffer by adding an extra copy. We could in principle implement our text codecs in wasm so that the JavaScript VM would protect us from security issues, but we don't want to ship two copies of our text codecs and we can't compromise their performance in the normal case. In some cases it is simply better to ship your own text codecs rather than use the platform ones. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/encoding/issues/344#issuecomment-2841359440 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/encoding/issues/344/2841359440@github.com>
Received on Wednesday, 30 April 2025 09:26:56 UTC