Developing Secure Code | Lightning Components Developer Guide

Content Security Policy Overview
The framework uses Content Security Policy (CSP) to control the source of content that can be loaded on a page.

LockerService Rules for Writing Secure Code
LockerService is a powerful security architecture for Lightning components. LockerService enhances security by isolating individual Lightning components in their own containers. LockerService also promotes best practices that improve the supportability of your code by only allowing access to supported APIs and eliminating access to non-published framework internals.

Salesforce Lightning CLI
Use Lightning CLI, a code linting tool, to validate your code for use within the LockerService security architecture. Lightning CLI is a Heroku Toolbelt plugin that lets you scan your code for Lightning-specific issues. This tool is useful for preparing your Lightning code for LockerService enablement.