Activity Forums Salesforce® Discussions What security benefits does Lightning LockerService provide in Salesforce?

  • Prachi

    August 20, 2018 at 12:54 pm

    Hi Anjali,

    Lightning LockerService enforces security into Single Page Applications built using Lightning components. Locker uses browser CSP (Content Security Policy) to prevent a web page against cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.

    In addition to prevention against vulnerabilities, Locker provides two key functions: namespacing your components (similar to Apex namespacing) and isolating component Javascript to only interact with your own component. This allows the secure co-existence of components from multiple vendors on the same web page and ISV’s to build components to publish on the AppExchange.


  • Parul

    September 23, 2018 at 9:05 am

    At a high level, Lightning Locker uses various technologies and techniques that are intended to do the following:


    Components from causing XSS and similar security issues
    Components from reading other component’s rendered data without any restrictions
    Components from calling undocumented/private APIs

    Cool new features like client-side API versioning similar to REST API versioning*
    Faster security review
    Better and more secure JS development practices
    Running 3rd party JS frameworks like React, Angular and so on*
    Easily adding or removing new security features and policies

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos