103 points | by zdw 3 days ago ago
11 comments
Where is the spec? I can't find an entry on MDN.
Is there a way to get reproducibility? In the same browser or across browsers? Even if it's not the default mode.
Spec: https://www.w3.org/TR/css-values-5/#randomness
WPT test results: https://wpt.fyi/results/css/css-values?label=master&label=ex...
Only Safari supports it for now, it seems.
Related: Animated starfield in pure CSS
https://codepen.io/ArneSava/pen/BaWxOaR
Nice. Currently I have to set CSS custom properties with JS to achieve the same effect.
Wonderful to see how CSS gets a usable random function before JS does.
Maybe "usable" is your qualifier but what's wrong with Math.random()?
To generate random number in a specific range you need to do something I always forget and need to google.
Math.floor(Math.random() * (max - min + 1)) + min;
The CSS function would be random(min, max)
Also the CSS function seems to take a number of steps, it is not immediately obvious to me how to do that with Math.random()
JS also has Crypto.getRandomValues()
I yern for the day we can have react-type pages without any javascript. Keep chugging webkit I believe in you.
Nice but... no dice!
Having seen too many "this randomness function was never meant to be used for security, but people use it for security anyway" vulnerabilities in the past:
Can we PLEASEPLEASEPLEASE have this secure by default from the beginning?
Security in the Stylesheet? Come on, you need to set boundaries for expectable use.
Where is the spec? I can't find an entry on MDN.
Is there a way to get reproducibility? In the same browser or across browsers? Even if it's not the default mode.
Spec: https://www.w3.org/TR/css-values-5/#randomness
WPT test results: https://wpt.fyi/results/css/css-values?label=master&label=ex...
Only Safari supports it for now, it seems.
Related: Animated starfield in pure CSS
https://codepen.io/ArneSava/pen/BaWxOaR
Nice. Currently I have to set CSS custom properties with JS to achieve the same effect.
Wonderful to see how CSS gets a usable random function before JS does.
Maybe "usable" is your qualifier but what's wrong with Math.random()?
To generate random number in a specific range you need to do something I always forget and need to google.
(Google AI summary says this is the thing)The CSS function would be random(min, max)
Also the CSS function seems to take a number of steps, it is not immediately obvious to me how to do that with Math.random()
JS also has Crypto.getRandomValues()
I yern for the day we can have react-type pages without any javascript. Keep chugging webkit I believe in you.
Nice but... no dice!
Having seen too many "this randomness function was never meant to be used for security, but people use it for security anyway" vulnerabilities in the past:
Can we PLEASEPLEASEPLEASE have this secure by default from the beginning?
Security in the Stylesheet? Come on, you need to set boundaries for expectable use.