Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I find the following in Chrome:

> window.crypto.getRandomValues

// getRandomValues() { [native code] }

> window.crypto.getRandomValues = function () { return "aloha" }

> window.crypto.getRandomValues()

// "aloha"

Not sure if this is the case in all browsers. `window.crypto` certainly should be read-only.



In Chrome, window.crypto is read-only:

> window.crypto

< Crypto {subtle: SubtleCrypto}

> window.crypto = "hi!"

< "hi!"

> window.crypto

< Crypto {subtle: SubtleCrypto}

But not anything underneath, including getRandomValues(), as you write. A recent issue about this [1] on the WebCrypto spec itself was closed with 'wontfix' because in their view, polyfilling web APIs is a common and accepted practice.

[1] https://github.com/w3c/webcrypto/issues/107


Shouldn't all pollyfills check only override the functions if they're missing?


What if it's present but the implementation is incomplete?


E.g. an extra optional parameter.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: