-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathlockdown-shim.js
37 lines (33 loc) · 1.37 KB
/
lockdown-shim.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
// @ts-check
// We import this first to fail as fast as possible if the shim has been
// transformed or embedded in a way that causes it to run in sloppy mode.
// See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_NO_SLOPPY.md
import './assert-sloppy-mode.js';
import { globalThis } from './commons.js';
import { repairIntrinsics } from './lockdown.js';
/** @import {LockdownOptions} from '../types.js' */
/**
* @param {LockdownOptions} [options]
*/
globalThis.lockdown = options => {
const hardenIntrinsics = repairIntrinsics(options);
globalThis.harden = hardenIntrinsics();
};
/**
* @param {LockdownOptions} [options]
*/
globalThis.repairIntrinsics = options => {
const hardenIntrinsics = repairIntrinsics(options);
// Reveal hardenIntrinsics after repairs.
globalThis.hardenIntrinsics = () => {
// Reveal harden after hardenIntrinsics.
// Harden is dangerous before hardenIntrinsics because hardening just
// about anything will inadvertently render intrinsics irreparable.
// Also, for modules that must work both before or after lockdown (code
// that is portable between JS and SES), the existence of harden in global
// scope signals whether such code should attempt to use harden in the
// defense of its own API.
// @ts-ignore harden not yet recognized on globalThis.
globalThis.harden = hardenIntrinsics();
};
};