Improve randomness of UUIDs.

core/utils.js

@@ -552,24 +552,43 @@ Blockly.tokenizeInterpolation = function(message) {
   return tokens;
 };
 
-/**
- * Legal characters for the unique ID.
- * Should be all on a US keyboard.  No XML special characters or control codes.
- * @private
- */
-Blockly.CHARACTER_SOUP_ = '!#$%()*+,-./:;=?@[]^_`{|}~' +
-    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-
 /**
  * Generate a unique ID.  This should be globally unique.
  * 88 characters ^ 20 length ≈ 129 bits (one bit better than a UUID).
  * @return {string}
  */
 Blockly.genUid = function() {
+  var length = 20;
+  var soupLength = Blockly.genUid.soup_.length;
   var id = [];
-  for (var i = 0; i < 20; i++) {
-    id[i] = Blockly.CHARACTER_SOUP_.charAt(Math.random() *
-        Blockly.CHARACTER_SOUP_.length);
+  if (Blockly.genUid.crypto_) {
+    // Cryptographically strong randomness is supported.
+    var array = new Uint32Array(length);
+    Blockly.genUid.crypto_.getRandomValues(array);
+    for (var i = 0; i < length; i++) {
+      id[i] = Blockly.genUid.soup_.charAt(array[i] % soupLength);
+    }
+  } else {
+    // Fall back to Math.random for IE 10.
+    for (var i = 0; i < length; i++) {
+      id[i] = Blockly.genUid.soup_.charAt(Math.random() * soupLength);
+    }
   }
   return id.join('');
 };
+
+/**
+ * Determine if window.crypto or global.crypto exists.
+ * @type {=RandomSource}
+ * @private
+ */
+Blockly.genUid.crypto_ = this.crypto;
+
+/**
+ * Legal characters for the unique ID.
+ * Should be all on a US keyboard.  No XML special characters or control codes.
+ * @private
+ */
+Blockly.genUid.soup_ = '!#$%()*+,-./:;=?@[]^_`{|}~' +
+    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+