Lightning Components Developer Guide

What is the Lightning Component Framework?
Quick Start
Creating Components
Using Components
Communicating with Events
Creating Apps
App Overview
Designing App UI
Creating App Templates
Developing Secure Code
Content Security Policy Overview
LockerService Rules for Writing Secure Code
Salesforce Lightning CLI
Install Salesforce Lightning CLI
Use Salesforce Lightning CLI
Review and Resolve Problems
Salesforce Lightning CLI Rules
Validate JavaScript Intrinsic APIs (ecma-intrinsics)
Disallow instanceof (no-instanceof)
Validate Aura API (aura-api)
Validate Lightning Component Public API (secure-component)
Validate Secure Document Public API (secure-document)
Validate Secure Window Public API (secure-window)
Custom “House Style” Rules
Salesforce Lightning CLI Options
Styling Apps
Using JavaScript
JavaScript Cookbook
Using Apex
Controlling Access
Using Object-Oriented Development
Caching with Storage Service
Using the AppCache
Distributing Applications and Components
Debugging
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Validate Lightning Component Public API (secure-component)

This rule validates that only public, supported framework API functions and properties are used.
When LockerService is enabled, the framework prevents the use of unsupported API objects or calls. That means your Lightning components code is allowed to use:
  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Lightning Component framework
  • Published, supported features built into LockerService SecureObject objects

Prior to LockerService, when you created or obtained a reference to a component, you could call any function and access any property available on that component, even if it wasn’t public. When LockerService is enabled, components are “wrapped” by a new SecureComponent object, which controls access to the component and its functions and properties. SecureComponent restricts you to using only published, supported component API.

Rule Details

Supported component functions and properties include the following:
  • addHandler
  • addValueProvider
  • autoDestroy
  • clearReference
  • destroy
  • find
  • get
  • getConcreteComponent
  • getElement
  • getElements
  • getEvent
  • getGlobalId
  • getLocalId
  • getReference
  • getSuper
  • getVersion
  • isConcrete
  • isInstanceOf
  • isRendered
  • isValid
  • set

Further Reading