Introducing Locker Service
The Lightning Locker Service enforces security in single-page applications built using Lightning Components. Locker uses a browser Content Security Policy (CSP) to protect a web page against cross-site scripting (XSS), clickjacking, and other code injection attacks that result from the execution of malicious content in a trusted web page context.
Locker Service serves the following purposes:
- Protecting against web security vulnerabilities.
- Adding namespaces to your components, which prevents component code from accessing data from other components.
- Restricting component code so that it only has access to the DOM that was created by your component.
The preceding factors allow components from multiple vendors to coexist on the same web page. Salesforce ISVs can build components and publish them on AppExchange (https://appexchange.Salesforce.com/) if the components adhere to Locker security principles.
Strict mode enforcement in Locker Service
Locker Service automatically enforces ES5 strict...
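To show what ES5 strict mode changes for component code, the following added example (not from the original text or from Salesforce) compiles the same snippets with and without "use strict" and compares the outcomes. It runs as plain JavaScript in Node.js, outside of Locker Service; the probe names and the `lockerDemoLeak` variable are hypothetical.

```javascript
// Added example: each probe body is compiled twice, once as-is (sloppy mode)
// and once prefixed with "use strict". Probe names are hypothetical.
const probes = {
  // Plain function call: sloppy mode binds `this` to the global object,
  // which hands the caller a reference to everything on the page.
  thisInPlainCall:
    "return this === undefined ? 'undefined' : 'global object';",
  // Assignment to an undeclared name: sloppy mode silently creates a global
  // that any other script on the page can read or overwrite.
  implicitGlobal: "lockerDemoLeak = 1; return 'created global';",
  // Write to a frozen object: sloppy mode ignores the failure, so a
  // tampering attempt (or a bug) goes unnoticed.
  writeFrozen:
    "var o = Object.freeze({ a: 1 }); o.a = 2; return 'silently ignored';",
  // `with` makes name resolution depend on runtime data; strict mode
  // rejects it at compile time.
  withStatement: "with ({ a: 1 }) { return 'allowed'; }",
};

// Compile and run one probe body, reporting its result or the error type.
function runProbe(body, strict) {
  const src = (strict ? '"use strict";\n' : "") + body;
  try {
    // Function() bodies are sloppy unless they opt in to strict mode.
    return new Function(src)();
  } catch (e) {
    return "throws " + e.name;
  } finally {
    // Remove the global that the sloppy implicitGlobal probe creates.
    delete globalThis.lockerDemoLeak;
  }
}

// Run every probe in both modes and collect the results side by side.
function compare() {
  const out = {};
  for (const [name, body] of Object.entries(probes)) {
    out[name] = {
      sloppy: runProbe(body, false),
      strict: runProbe(body, true),
    };
  }
  return out;
}

console.table(compare());
```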