Activity Forums Salesforce® Discussions What security benefits does Lightning LockerService provide in Salesforce?

Tagged: , , , , , , , , , , , , ,

  • Prachi

    Member
    August 20, 2018 at 12:54 pm

    Hi Anjali,

    Lightning LockerService enforces security into Single Page Applications built using Lightning components. Locker uses browser CSP (Content Security Policy) to prevent a web page against cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

    In addition to prevention against vulnerabilities, Locker provides two key functions: namespacing your components (similar to Apex namespacing) and isolating component Javascript to only interact with your own component. This allows the secure co-existence of components from multiple vendors on the same web page and ISV’s to build components to publish on the AppExchange.

    Thanks.

  • Parul

    Member
    September 23, 2018 at 9:05 am

    At a high level, Lightning Locker uses various technologies and techniques that are intended to do the following:

    Prevent:

    Components from causing XSS and similar security issues
    Components from reading other component’s rendered data without any restrictions
    Components from calling undocumented/private APIs
    Enable:

    Cool new features like client-side API versioning similar to REST API versioning*
    Faster security review
    Better and more secure JS development practices
    Running 3rd party JS frameworks like React, Angular and so on*
    Easily adding or removing new security features and policies

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos

Report

Harassment or bullying behavior
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Mobile App Reported Contents
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .