[whatwg] Side effects free scripts

On Thu, 01 Jun 2006 05:43:42 +0700, Andrew Fedoniouk <news at terrainformatica.com> wrote:

> I don't know any algorithm of random number generation which is not
> using previous value stored somewhere (seed). (I mean software based
> random generation only)

There are software random number generators which gather entropy from user's input (the timing between keypresses, for example). And there are hardware random nubmer generators.

Anyway, it's a theoretical discussion which is not relevant to script security.

Whether Math.random() should be considered safe for side effects free scripts or not is an arguable question. There is no danger in allowing Math.random() in CSS expression() from the security standpoint. But at the same time allowing Math.random() means that it's possible that the script returns different values each time invoked, which makes the life of the layout engine harder.


-- 
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com

Received on Wednesday, 31 May 2006 20:40:35 UTC