From e7e48fdcf7053db542a0320d3e4ebef5da9545bb Mon Sep 17 00:00:00 2001
From: Samuel Reed <samuel.trace.reed@gmail.com>
Date: Tue, 12 Jan 2016 00:23:04 -0600
Subject: [PATCH] Replace REACT_ELEMENT_TYPE magicnum with Infinity.

This closes the XSS hole on older browsers that don't support Symbol.

More discussion: https://github.com/facebook/react/pull/4832#discussion_r39344352
---
 src/isomorphic/classic/element/ReactElement.js              | 2 +-
 .../classic/element/__tests__/ReactElement-test.js          | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/isomorphic/classic/element/ReactElement.js b/src/isomorphic/classic/element/ReactElement.js
index 44aa50f7d2a15..e20769ee21e16 100644
--- a/src/isomorphic/classic/element/ReactElement.js
+++ b/src/isomorphic/classic/element/ReactElement.js
@@ -20,7 +20,7 @@ var canDefineProperty = require('canDefineProperty');
 // nor polyfill, then a plain number is used for performance.
 var REACT_ELEMENT_TYPE =
   (typeof Symbol === 'function' && Symbol.for && Symbol.for('react.element')) ||
-  0xeac7;
+  Infinity;
 
 var RESERVED_PROPS = {
   key: true,
diff --git a/src/isomorphic/classic/element/__tests__/ReactElement-test.js b/src/isomorphic/classic/element/__tests__/ReactElement-test.js
index 1166ab28eaa75..2295b80563362 100644
--- a/src/isomorphic/classic/element/__tests__/ReactElement-test.js
+++ b/src/isomorphic/classic/element/__tests__/ReactElement-test.js
@@ -45,7 +45,7 @@ describe('ReactElement', function() {
   });
 
   it('uses the fallback value when in an environment without Symbol', function() {
-    expect(<div />.$$typeof).toBe(0xeac7);
+    expect(<div />.$$typeof).toBe(Infinity);
   });
 
   it('returns a complete element according to spec', function() {
@@ -207,7 +207,9 @@ describe('ReactElement', function() {
     expect(React.isValidElement({ type: 'div', props: {} })).toEqual(false);
 
     var jsonElement = JSON.stringify(React.createElement('div'));
-    expect(React.isValidElement(JSON.parse(jsonElement))).toBe(true);
+    // Should be false, even with Symbol not present, due to Infinity value
+    // which cannot be serialized into/from JSON.
+    expect(React.isValidElement(JSON.parse(jsonElement))).toBe(false);
   });
 
   it('allows the use of PropTypes validators in statics', function() {