Skip to content

Math.random() usage #914

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
swetha8612 opened this issue Dec 15, 2023 · 1 comment
Open

Math.random() usage #914

swetha8612 opened this issue Dec 15, 2023 · 1 comment
Labels
breaking feature

Comments

@swetha8612
Copy link

As part of our company's security policy, we run all our application through fortify scan. Fortify scan raised a flag in jszip.js file where Math.random() has been used. It is suggesting to replace with window.crypto.getRandomValues(new Uint32Array(10))[0]. Could you please have a look. Thank you.
@jonkoops
Copy link
Collaborator

This is not really a security issue, so you can safely ignore this scanner result. Using the Crypto API is definitely something we want to explore, but that would introduce a breaking change, since the Crypto API is not universally available in all supported runtimes. Perhaps this can be done by providing a fallback to Math.random() when the API is not available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonkoops @swetha8612