- From: Mattias Buelens <notifications@github.com>
- Date: Fri, 15 Aug 2025 04:22:52 -0700
- To: whatwg/streams <streams@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 15 August 2025 11:22:56 UTC
MattiasBuelens left a comment (whatwg/streams#1348) @bvisness It's not the reader's side that's a problem, it's the underlying byte source's side. Yes, if the underlying byte source tried to call `byobRequest.view.buffer.transfer()`, then that call will now suddenly throw an error. But is that thrown error *always* going to be handled correctly by the source and cause the stream to become errored? For example, what if this `transfer()` call is actually inside the browser's `fetch()` implementation, and the browser is not checking for errors from that call (because it assumes that it can never throw)? In the best case the browser tab's process crashes, in the worst case it creates a security vulnerability and gets its own CVE. 😛 I do agree that it's a very rare case. Perhaps we should implement it first without an opt-in, and then run an experiment to see if this change is web-compatible? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/streams/issues/1348#issuecomment-3191292875 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/streams/issues/1348/3191292875@github.com>
Received on Friday, 15 August 2025 11:22:56 UTC