Having seen too many "this randomness function was never meant to be used for security, but people use it for security anyway" vulnerabilities in the past:

Can we PLEASEPLEASEPLEASE have this secure by default from the beginning?

▲

bigDinosaur 4 days ago | parent | next [-]

If you implement security protocols in a production app using CSS then you deserve to be hacked and then sued for negligence.

	▲	RestartKernel 4 days ago \| parent [-]
		Counterargument: it would make for a very funny post-mortem.

▲

1718627440 4 days ago | parent | prev [-]

Security in the Stylesheet? Come on, you need to set boundaries for expectable use.

▲

phyzome 4 days ago | parent [-]

"Look, I implemented diceware in pure CSS!" is unfortunately not that hard to imagine.

I would bet someone is already working on it as we speak.

	▲	1718627440 4 days ago \| parent [-]
		I don't disagree on that point. Introducing cryptography in the STANDARD for stylesheets adds complexity where it doesn't belong. Ultimately a browser vendor isn't responsible when a company sells insecure cryptography. Adding crypto to CSS will bring us nearer to bitcoin mining in the CSS engine.