Commit 775de7b

Update apps/site/pages/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks.md
Co-authored-by: Joyee Cheung <joyeec9h3@gmail.com>
Signed-off-by: Matteo Collina <matteo.collina@gmail.com>
1 parent 4a8a4dd commit 775de7b

1 file changed: +1 -1 lines changed

apps/site/pages/en/blog/vulnerability/january-2026-dos-mitigation-async-hooks.md

Lines changed: 1 addition & 1 deletion
@@ -300,7 +300,7 @@ While this issue has significant practical impact, we want to be clear about why
300300
301301
The "Maximum call stack size exceeded" error is not part of the ECMAScript specification. The specification assumes infinite stack space; imposing a limit and throwing an error is simply behavior that JavaScript engines implement on a best-effort basis. Building a security model on top of an undocumented, unspecified feature that isn't guaranteed to work consistently would be unreliable.
302302
303-
It's worth noting that even when ECMAScript specifies that [proper tail calls](https://tc39.es/ecma262/#sec-tail-position-calls) [should not be subject to stack size limits](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Execution_model#tail_calls), this has never been implemented by most JavaScript engines, including V8. And in the few JavaScript engines that do implement it, proper tail calls can block an application with infinite recursion instead of hitting the stack size limit at some point and stopping with an error, which is also a Denial-of-Service factor. This reinforces that stack overflow behavior cannot be relied upon for defending against Denial-of-Service attacks.
303+
It's worth noting that even when ECMAScript specifies that [proper tail calls](https://tc39.es/ecma262/#sec-tail-position-calls) [should reuse stack frames](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Execution_model#tail_calls), this is not implemented by most JavaScript engines today, including V8. And in the few JavaScript engines that do implement it, proper tail calls can block an application with infinite recursion instead of hitting the stack size limit at some point and stopping with an error, which is also a Denial-of-Service factor. This reinforces that stack overflow behavior cannot be relied upon for defending against Denial-of-Service attacks.
304304
305305
### V8 Doesn't Treat This as a Security Issue
306306
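Review bot: On the changed line 303, "even when ECMAScript specifies that ..." concedes a fixed fact, so "even though" is the right connective; "even when" reads as if the specification only sometimes says this. The new link text "should reuse stack frames" also leaves the next sentence's "instead of hitting the stack size limit" resting on an unstated step, namely that frame reuse means the stack does not grow, which the removed wording ("should not be subject to stack size limits") said directly. Consider spelling it out, for example "should reuse stack frames, so that tail-recursive calls do not grow the stack". The move from "has never been implemented" to "is not implemented ... today" sits fine with "the few JavaScript engines that do implement it" in the following sentence, so no change is needed there.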
