|
|
|
|
|
|
by ifelsehow
3477 days ago
|
|
|
I find the following in Chrome: > window.crypto.getRandomValues // getRandomValues() { [native code] } > window.crypto.getRandomValues = function () { return "aloha" } > window.crypto.getRandomValues() // "aloha" Not sure if this is the case in all browsers. `window.crypto` certainly should be read-only. |
|
|
> window.crypto
< Crypto {subtle: SubtleCrypto}
> window.crypto = "hi!"
< "hi!"
> window.crypto
< Crypto {subtle: SubtleCrypto}
But not anything underneath, including getRandomValues(), as you write. A recent issue about this [1] on the WebCrypto spec itself was closed with 'wontfix' because in their view, polyfilling web APIs is a common and accepted practice.
[1] https://github.com/w3c/webcrypto/issues/107