You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Two findings:
1. Privkey memory residue (line 364). Setting memPrivKey = null
drops our reference but leaves the 32 bytes in the heap until
GC. JS gives no real memory clearing, but for a Uint8Array we
own, fill(0) overwrites the bytes in place — meaningful for a
multi-step UI where the key sits between PATCH and Test. Added
clearMemPrivKey() and routed the three call sites through it.
2. Profile GET assumed JSON Content-Type (line 456). If the pod
returned Turtle / an HTML error page despite our Accept,
getRes.json() would throw a generic "Unexpected token in JSON"
error. Now reads as text first, validates content-type contains
"json", surfaces the actual content-type and a body prefix on
mismatch, and wraps JSON.parse with a clearer error message.
0 commit comments