endojs · erights · Mar 26, 2021 · Mar 26, 2021 · Mar 26, 2021 · Mar 26, 2021
diff --git a/packages/ses/NEWS.md b/packages/ses/NEWS.md
@@ -2,7 +2,20 @@ User-visible changes in SES:
 
 ## Next release
 
-- No changes yet
+- We temporarily introduced a new `__unsafeKludgeForReact__` option whose
+`'unsafe'` setting that unsafely allows React to work under SES in the browser
+  even before React is fixed. Once React is fixed, this option will disappear.
+
+  As the name indicates, this is a temporary kludge that sacrifies safety
+  to get the current version of React working under SES in the browser by any
+  means necessary. What seems to work is to skip the hardening of the
+  primordials during `lockdown`, but to nevertheless enable `harden` to
+  work. Almost all objects inherit from primordial objects, and `harden`
+  is transitively contaigious across both inheritance and own property
+  traversal, so hardening almost any object will still harden those
+  primordials reachable from there. But this avoids or postpones enough
+  primordial freezing that React seems to be the unsafe monkey patching
+  of the primordials before it is too late.
 
 ## Release 0.12.5 (25-Mar-2021)
 

diff --git a/packages/ses/lockdown-options.md b/packages/ses/lockdown-options.md
@@ -28,6 +28,7 @@ Each option is explained in its own section below.
 | `errorTaming`    | `'safe'`    | `'unsafe'`     | `errorInstance.stack`      |
 | `stackFiltering` | `'concise'` | `'verbose'`    | deep stacks signal/noise   |
 | `overrideTaming` | `'moderate'` | `'min'` or `'severe'` | override mistake antidote  |
+| `__unsafeKludgeForReact__` | `'safe'` | `'unsafe'` | sacrifice safety until react is fixed
 
 ## `regExpTaming` Options
 
@@ -487,3 +488,20 @@ by our override mitigation.
 
 ![overrideTaming: 'severe' vscode inspector display](docs/images/override-taming-star-inspector.png)
 </details>
+
+## `__unsafeKludgeForReact__` Options
+
+We temporarily introduced a new `__unsafeKludgeForReact__` option whose
+`'unsafe'` setting that unsafely allows React to work under SES in the browser
+even before React is fixed. Once React is fixed, this option will disappear.
+
+As the name indicates, this is a temporary kludge that sacrifies safety
+to get the current version of React working under SES in the browser by any
+means necessary. What seems to work is to skip the hardening of the
+primordials during `lockdown`, but to nevertheless enable `harden` to
+work. Almost all objects inherit from primordial objects, and `harden`
+is transitively contaigious across both inheritance and own property
+traversal, so hardening almost any object will still harden those
+primordials reachable from there. But this avoids or postpones enough
+primordial freezing that React seems to be the unsafe monkey patching
+of the primordials before it is too late.
diff --git a/packages/ses/src/lockdown-shim.js b/packages/ses/src/lockdown-shim.js
@@ -42,6 +42,7 @@ import { assert, makeAssert } from './error/assert.js';
  *   consoleTaming?: 'safe' | 'unsafe',
  *   overrideTaming?: 'min' | 'moderate' | 'severe',
  *   stackFiltering?: 'concise' | 'verbose',
+ *   __unsafeKludgeForReact__?: 'safe' | 'unsafe',
  * }} LockdownOptions
  */
 
@@ -140,6 +141,7 @@ export function repairIntrinsics(
     consoleTaming = 'safe',
     overrideTaming = 'moderate',
     stackFiltering = 'concise',
+    __unsafeKludgeForReact__ = 'safe',
 
     ...extraOptions
   } = options;
@@ -172,6 +174,7 @@ export function repairIntrinsics(
     consoleTaming,
     overrideTaming,
     stackFiltering,
+    __unsafeKludgeForReact__,
   };
 
   /**
@@ -249,11 +252,16 @@ export function repairIntrinsics(
 
   function hardenIntrinsics() {
     // Circumvent the override mistake.
+    // TODO consider moving this to the end of the repair phase, and
+    // therefore before vetted shims rather than afterwards. It is not
+    // clear yet which is better.
     enablePropertyOverrides(intrinsics, overrideTaming);
 
-    // Finally register and optionally freeze all the intrinsics. This
-    // must be the operation that modifies the intrinsics.
-    lockdownHarden(intrinsics);
+    if (__unsafeKludgeForReact__ !== 'unsafe') {
+      // Finally register and optionally freeze all the intrinsics. This
+      // must be the operation that modifies the intrinsics.
+      lockdownHarden(intrinsics);
+    }
 
     // Having completed lockdown without failing, the user may now
     // call `harden` and expect the object's transitively accessible properties

diff --git a/packages/ses/test/test-unsafe-kludge-for-react.js b/packages/ses/test/test-unsafe-kludge-for-react.js
@@ -0,0 +1,32 @@
+import test from 'ava';
+import '../lockdown.js';
+
+lockdown({
+  __unsafeKludgeForReact__: 'unsafe',
+});
+
+test('Unsafe kludge for react', t => {
+  t.false(Object.isFrozen(Object.prototype));
+
+  const x = {};
+  x.toString = () => 'foo';
+  x.constructor = 'Foo';
+  t.is(`${x}`, 'foo');
+  t.is(x.constructor, 'Foo');
+
+  harden(x);
+
+  t.true(Object.isFrozen(Object.prototype));
+
+  const y = {};
+  y.toString = () => 'bar';
+  t.throws(
+    () => {
+      y.constructor = 'Bar';
+    },
+    undefined,
+    'Override should not be enabled for "constructor".',
+  );
+  t.is(`${y}`, 'bar');
+  t.is(y.constructor, Object);
+});