The global read-only crypto
property returns the Crypto
object associated to the global object. This object allows web pages access to certain cryptographic related services.
Although the property itself is read-only, all of its methods (and the methods of its child object, SubtleCrypto
) are not read-only, and therefore vulnerable to attack by polyfill.
Although crypto
is available on all windows, the returned Crypto
object only has one usable feature in insecure contexts: the getRandomValues()
method. In general, you should use this API only in secure contexts.