
[whatwg] Side effects free scripts

From: Alexey Feldgendler <alexey@feldgendler.ru>
Date: Thu, 01 Jun 2006 10:40:35 +0700
Message-ID: <op.taf65xxc1h6og4@localhost>
On Thu, 01 Jun 2006 05:43:42 +0700, Andrew Fedoniouk <news at terrainformatica.com> wrote:

> I don't know any algorithm of random number generation which is not
> using previous value stored somewhere (seed). (I mean software based
> random generation only)

There are software random number generators which gather entropy from user's input (the timing between keypresses, for example). And there are hardware random number generators.

Anyway, it's a theoretical discussion which is not relevant to script security.

Whether Math.random() should be considered safe for side effects free scripts or not is an arguable question. There is no danger in allowing Math.random() in CSS expression() from the security standpoint. But at the same time allowing Math.random() means that it's possible that the script returns different values each time invoked, which makes the life of the layout engine harder.


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
Received on Wednesday, 31 May 2006 20:40:35 UTC
