What security benefits does Lightning LockerService provide in Salesforce?
Posted by Anjali on August 20, 2018 at 12:43 PM
What security benefits does Lightning LockerService provide in Salesforce?
2 Replies
-
Hi Anjali,
Lightning LockerService enforces security in Single Page Applications built using Lightning components. Locker uses browser CSP (Content Security Policy) to protect a web page against cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
In addition to prevention against vulnerabilities, Locker provides two key functions: namespacing your components (similar to Apex namespacing) and isolating component JavaScript to only interact with your own component. This allows the secure co-existence of components from multiple vendors on the same web page and ISVs to build components to publish on the AppExchange.
Thanks.
-
At a high level, Lightning Locker uses various technologies and techniques that are intended to do the following:
Prevent:
Components from causing XSS and similar security issues
Components from reading other components’ rendered data without any restrictions
Components from calling undocumented/private APIs
Enable:
Cool new features like client-side API versioning similar to REST API versioning*
Faster security review
Better and more secure JS development practices
Running 3rd party JS frameworks like React, Angular and so on*
Easily adding or removing new security features and policies
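The isolation both replies describe (components keyed by namespace, unable to read another component's data or reach private properties), modelled as an added example that is not part of either reply and is not Salesforce's Locker code. The `secureWrap` helper, the node shape and the `vendorA`/`vendorB` namespaces are hypothetical and the page tree is constructed sample data.

```javascript
// Simplified model of namespace-keyed isolation (assumption: not Locker's real code).
// Each node records the namespace of the component that owns it.
function node(tag, ownerNs, text, children = []) {
  return { tag, ownerNs, text, children };
}

// Wrap a raw node in a Proxy bound to the calling component's namespace.
function secureWrap(raw, callerNs) {
  const denied = () => {
    throw new Error(`Access denied for namespace "${callerNs}"`);
  };
  return new Proxy(raw, {
    get(target, prop) {
      if (prop === 'tag') return target.tag; // page structure stays visible
      if (prop === 'children') {
        // Children are re-wrapped so the raw objects never leak out.
        return target.children.map((c) => secureWrap(c, callerNs));
      }
      if (prop === 'text') {
        // Rendered data is readable only by the owning namespace.
        return target.ownerNs === callerNs ? target.text : denied();
      }
      return undefined; // anything else (e.g. ownerNs) is treated as private
    },
    set(target, prop, value) {
      // Writes are limited to the documented property of the caller's own nodes.
      if (target.ownerNs !== callerNs || prop !== 'text') denied();
      target[prop] = value;
      return true;
    },
  });
}

// Constructed sample page: two vendors' components side by side.
const page = node('div', 'system', '', [
  node('vendorA-card', 'vendorA', 'A: account balance 100'),
  node('vendorB-widget', 'vendorB', 'B: widget state'),
]);

// What a component running under callerNs can read from each child;
// null marks a node whose data was withheld.
function readableText(root, callerNs) {
  return secureWrap(root, callerNs).children.map((child) => {
    try { return child.text; } catch (e) { return null; }
  });
}
```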