From 94552b2384c6bd7535deff169b28324c23b1c361 Mon Sep 17 00:00:00 2001
From: Chocobo1 <Chocobo1@users.noreply.github.com>
Date: Sun, 3 Aug 2025 15:09:39 +0800
Subject: [PATCH] WebUI: use secure random number generator for generating
 random port

Cryptographically strong random number generators are generally preferred over others.

PR #23049.
---
 src/webui/www/private/views/preferences.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/webui/www/private/views/preferences.html b/src/webui/www/private/views/preferences.html
index 2c5bb2444..198cb5409 100644
--- a/src/webui/www/private/views/preferences.html
+++ b/src/webui/www/private/views/preferences.html
@@ -2127,9 +2127,11 @@ Use ';' to split multiple entries. Can use wildcard '*'.)QBT_TR[CONTEXT=OptionsD
         };
 
         const generateRandomPort = () => {
-            const min = 1024;
-            const max = 65535;
-            const port = Math.floor(Math.random() * (max - min + 1) + min);
+            // don't use modulo operations to avoid 'modulo bias'
+            const buffer = new Uint16Array(1);
+            let port = crypto.getRandomValues(buffer)[0];
+            while (port < 1024)
+                port = crypto.getRandomValues(buffer)[0];
             document.getElementById("portValue").value = port;
         };