refactor(ses): one shot hardening of intrinsics

endojs · Jan 9, 2024 · e13cda6 · e13cda6
1 parent 849725e
commit e13cda6
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js
@@ -388,20 +388,27 @@ export const repairIntrinsics = (options = {}) => {
 
     // Finally register and optionally freeze all the intrinsics. This
     // must be the operation that modifies the intrinsics.
-    tamedHarden(intrinsics);
-
-    // Harden evaluators
-    tamedHarden(globalThis.Function);
-    tamedHarden(globalThis.eval);
-    // @ts-ignore Compartment does exist on globalThis
-    tamedHarden(globalThis.Compartment);
+    const toHarden = {
+      intrinsics,
+      globals: {
+        // Harden evaluators
+        Function: globalThis.Function,
+        eval: globalThis.eval,
+        // @ts-ignore Compartment does exist on globalThis
+        Compartment: globalThis.Compartment,
+
+        // Harden Symbol
+        Symbol: globalThis.Symbol,
+      },
+    };
 
     // Harden Symbol and properties for initialGlobalPropertyNames in the host realm
-    tamedHarden(globalThis.Symbol);
     for (const prop of getOwnPropertyNames(initialGlobalPropertyNames)) {
-      tamedHarden(globalThis[prop]);
+      toHarden.globals[prop] = globalThis[prop];
     }
 
+    tamedHarden(toHarden);
+
     return tamedHarden;
   };