What security benefits does Lightning LockerService provide in Salesforce?

Tagged: AngularJS, Apex Namespace, Apex REST API, Appexchange, Content Security Policy, Cross Site Scripting, CSP, ISV, Javascript, Lightning Locker Service, React JS, Salesforce Security, Single Page App, XSS

Salesforce® Discussions

What security benefits does Lightning LockerService provide in Salesforce?

Posted by Anjali on August 20, 2018 at 12:43 pm

What security benefits does Lightning LockerService provide in Salesforce?

Parul replied 6 years, 6 months ago 3 Members · 2 Replies
2 Replies

Prachi

Member
August 20, 2018 at 12:54 pm

Hi Anjali,

Lightning LockerService enforces security into Single Page Applications built using Lightning components. Locker uses browser CSP (Content Security Policy) to prevent a web page against cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

In addition to prevention against vulnerabilities, Locker provides two key functions: namespacing your components (similar to Apex namespacing) and isolating component Javascript to only interact with your own component. This allows the secure co-existence of components from multiple vendors on the same web page and ISV’s to build components to publish on the AppExchange.

Thanks.
Parul

Member
September 23, 2018 at 9:05 am

At a high level, Lightning Locker uses various technologies and techniques that are intended to do the following:

Prevent:

Components from causing XSS and similar security issues
Components from reading other component’s rendered data without any restrictions
Components from calling undocumented/private APIs
Enable:

Cool new features like client-side API versioning similar to REST API versioning*
Faster security review
Better and more secure JS development practices
Running 3rd party JS frameworks like React, Angular and so on*
Easily adding or removing new security features and policies

Popular Salesforce Blogs

An Ultimate Guide to Salesforce Workflow Automation

Blog in Salesforce

Workflow automation is the use of software or other technologies to facilitate and streamline complex business processes. Typically, these processes involve a large number of…

Automated Processes, Business Operations, Case Management, CRM, Customer Communication

SP Mar 3, 2023

1,415 Views

Introduction on How to Use Workbench | Salesforce Developer Guide

Blog in Salesforce

Workbench is a powerful and important platform. It is a web-based suite of tools that help the administrators and developers (Salesforce) to communicate with your…

Administrators, Apex, Apex Class, Apex Execute, Apex Page

Anshu Feb 4, 2022

4,904 Views

When Should We Use Record Types In Salesforce?

Blog in Salesforce Implementation

You can get lots of benefits of Record Types in Salesforce but if you do not implement it correctly, then they can create some complexities…

Picklist, Picklist Values, Record Related List, Related Fields, Salesforce Custom Fields

Prafull Jan 24, 2018

16,468 Views

Salesforce Mobile Publisher Demo

Video in Salesforce Stories, Mobile, Salesforce Apps

With Salesforce Mobile Publisher, you can create pixel-perfect mobile applications for employees, customers, and partners. Check out this video and learn all you need to…

salesforce, Salesforce Apps, Salesforce Video, Customers, Salesforce Learning

Pooja Sep 30, 2020

1,922 Views

Highlights of the Salesforce Winter '22 Release for Nonprofits

Video in Salesforce Stories

The video includes both Winter ‘22 Salesforce Platform updates and Nonprofit Cloud tools. Chapters: 0:00 General Salesforce.com Platform Updates 8:13 Salesforce.com Release for Fundraising and…

Salesforce Training, Salesforce Tutorial, salesforce, salesforce platform, Salesforce Video