[Security] Revoke blob URLs after download to prevent memory leaks and URL exposure

[magic-peach]

Overview

Blob URLs remain in browser memory until explicitly revoked with URL.revokeObjectURL(). After a user downloads their video, the blob URL should be revoked to free memory and prevent the URL from being accessible via browser history.

Risk

• Memory accumulation across multiple exports
• Blob URL accessible in browser history

Implementation

In DownloadResult.tsx, after download:

const handleDownload = () => {
  // Download initiates
  // After a delay (to allow browser to process)
  setTimeout(() => URL.revokeObjectURL(result.blobUrl), 1000)
}

Also revoke in reset() function.

Acceptance Criteria

• Blob URL revoked after download
• Blob URL revoked on reset
• Memory verified to not accumulate after multiple exports

[aksharsawhney74-rgb]

Hi @magic-peach ,

I would love to work on this performance optimization issue for GSSoC '26!
Could you please assign this to me?

Thanks,
Akshar

[magic-peach]

@aksharsawhney74-rgb please star the repo

[magic-peach]

Fixed by #311 — blob URLs are now properly revoked after exports and in the reset() function to prevent memory leaks. Closing as resolved.