In browsers that have it, you can use crypto.getRandomValues
to get cryptographically-secure pseudorandom values. For example:
var array = new Uint8Array(16);
crypto.getRandomValues(array);
You can then manipulate those bytes into a valid UUID.