Replace REACT_ELEMENT_TYPE magicnum with Infinity.
This closes the XSS hole on older browsers that don't support Symbol.

More discussion: #4832 (comment)
STRML committed Jan 12, 2016
1 parent b60e8c2 commit 8d2de5c
Showing 2 changed files with 5 additions and 3 deletions.
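--- a/src/isomorphic/classic/element/ReactElement.js
+++ b/src/isomorphic/classic/element/ReactElement.js
@@ -20,7 +20,7 @@ var canDefineProperty = require('canDefineProperty');
 // nor polyfill, then a plain number is used for performance.
 var REACT_ELEMENT_TYPE =
 (typeof Symbol === 'function' && Symbol.for && Symbol.for('react.element')) ||
-0xeac7;
+Infinity;
 
 var RESERVED_PROPS = {
 key: true,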
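Review bot: The `Infinity;` fallback is still reachable from parsed JSON, so it does not fully close the hole on engines without Symbol. JSON.stringify cannot emit Infinity, but JSON.parse returns Infinity for a number literal that overflows the double range, so a parsed object can still carry a matching `$$typeof` (assuming isValidElement, which is outside this hunk, compares against this constant). No numeric fallback is safe for this purpose; only a value a parser cannot construct, such as an object reference compared by identity, would be, at the cost of not matching across separate copies of React. The context comment above the declaration also still says the plain number is used "for performance"; if Infinity stays it should state the real reason and its limit, e.g. `// nor polyfill, then Infinity is used because JSON.stringify cannot emit it (JSON.parse can still yield it from an overflowing literal).`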
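--- a/src/isomorphic/classic/element/__tests__/ReactElement-test.js
+++ b/src/isomorphic/classic/element/__tests__/ReactElement-test.js
@@ -45,7 +45,7 @@ describe('ReactElement', function() {
 });
 
 it('uses the fallback value when in an environment without Symbol', function() {
-expect(<div />.$$typeof).toBe(0xeac7);
+expect(<div />.$$typeof).toBe(Infinity);
 });
 
 it('returns a complete element according to spec', function() {
@@ -207,7 +207,9 @@ describe('ReactElement', function() {
 expect(React.isValidElement({ type: 'div', props: {} })).toEqual(false);
 
 var jsonElement = JSON.stringify(React.createElement('div'));
-expect(React.isValidElement(JSON.parse(jsonElement))).toBe(true);
+// Should be false, even with Symbol not present, due to Infinity value
+// which cannot be serialized into/from JSON.
+expect(React.isValidElement(JSON.parse(jsonElement))).toBe(false);
 });
 
 it('allows the use of PropTypes validators in statics', function() {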
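Review bot: The round-trip assertion in the second hunk only proves that React's own JSON.stringify output is rejected, because stringify writes Infinity as null; it does not cover JSON authored by another party, which is the case the commit message is about. The added comment's "into/from JSON" holds only for the "into" direction, since JSON.parse turns an overflowing number literal into Infinity. I would add a case with hand-written input, `expect(React.isValidElement(JSON.parse('{"$$typeof":1e999,"type":"div","props":{}}'))).toBe(false);`, which I expect to fail against this change when Symbol is absent. The `it(...)` block holding these lines starts outside the hunk.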
