zloirock / core-js

Standard Library
MIT License

Math.random() usage #1315

Closed swetha8612 closed 11 months ago

swetha8612 commented 11 months ago

As part of our company's security policy, we run all our applications through a Fortify scan. The Fortify scan raised a flag in a couple of places where Math.random() has been used. It suggests replacing it with window.crypto.getRandomValues(new Uint32Array(10))[0]. Could you please have a look? Thank you.

zloirock commented 11 months ago

It's used in one place as a part of unique key generation. It can't be replaced with window.crypto.getRandomValues(new Uint32Array(10))[0] since in almost all cases it's used in ancient engines where crypto.getRandomValues and even Uint32Array are not available.
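
The distinction this thread turns on, as an added example that is not core-js code and not part of either comment: a feature-detected random source that may fall back to Math.random() for non-secret unique keys, next to a secret generator that fails closed when no CSPRNG exists. The names getCsprng, createUidFactory and makeSecretToken are hypothetical, and `root` is assumed to be the engine's global object passed in by the caller.

```javascript
'use strict';

// Locate a CSPRNG without assuming `crypto` or typed arrays exist
// (ancient engines have neither).
function getCsprng(root) {
  var c = root && (root.crypto || root.msCrypto); // msCrypto: IE11
  var ok = c && typeof c.getRandomValues === 'function' &&
    typeof root.Uint32Array === 'function';
  return ok ? c : null;
}

// Non-secret unique keys: the counter guarantees uniqueness within one
// factory; the postfix only separates independently created factories.
function createUidFactory(root) {
  var c = getCsprng(root);
  var counter = 0;
  var postfix;
  if (c) {
    var one = new root.Uint32Array(1); // one word is enough, not ten
    c.getRandomValues(one);
    postfix = one[0] / 4294967296;     // scale to [0, 1)
  } else {
    postfix = Math.random();           // acceptable: output is never a secret
  }
  return function uid(label) {
    return String(label) + '_' + (++counter + postfix).toString(36);
  };
}

// Secrets (tokens, nonces, identifiers an attacker must not guess):
// fail closed instead of silently falling back to Math.random().
function makeSecretToken(root, words) {
  var c = getCsprng(root);
  if (!c) throw new Error('no CSPRNG available; refusing to generate a secret');
  var buf = new root.Uint32Array(words);
  c.getRandomValues(buf);
  var hex = '';
  for (var i = 0; i < buf.length; i++) {
    hex += ('00000000' + buf[i].toString(16)).slice(-8);
  }
  return hex;
}
```

When triaging a static-analysis finding of this kind, the question to settle is which of the two functions the flagged call site resembles: whether its output is only required to be unique, or is required to be unguessable.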