From 62c4b573a035d1e55a0f8bb27935dd911ac4be82 Mon Sep 17 00:00:00 2001 From: piquark6046 Date: Wed, 22 Nov 2023 09:18:47 +0000 Subject: [PATCH] fix: prevent potential insecure randomness --- package.json | 2 +- sources/banner.txt | 2 +- sources/src/adshield-defuser-libs/ztinywave.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 5fb0b2f..6460b08 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "microshield", - "version": "3.10.0", + "version": "3.10.1", "description": "", "type": "module", "scripts": { diff --git a/sources/banner.txt b/sources/banner.txt index 5b13340..1619516 100644 --- a/sources/banner.txt +++ b/sources/banner.txt @@ -8,7 +8,7 @@ // @downloadURL https://cdn.jsdelivr.net/gh/List-KR/microShield@latest/microShield.user.js // @license Apache-2.0 // -// @version 3.10.0 +// @version 3.10.1 // @author PiQuark6046 and contributors // // @match *://ad-shield.team/* diff --git a/sources/src/adshield-defuser-libs/ztinywave.ts b/sources/src/adshield-defuser-libs/ztinywave.ts index d218998..2da849c 100644 --- a/sources/src/adshield-defuser-libs/ztinywave.ts +++ b/sources/src/adshield-defuser-libs/ztinywave.ts @@ -74,7 +74,7 @@ export const getKeys__Node__ = async (source: string) => { } }); - const secret = Math.random().toString(36).slice(2); + const secret = (crypto.getRandomValues(new Uint32Array(1))[0] * crypto.getRandomValues(new Uint32Array(1))[0]).toString(36).slice(2); const header = `const ${secret} = (id, source) => { const el = document.createElement('code') el.setAttribute('data-${secret}', id)