Lightning Components Developer Guide

What is the Lightning Component Framework?
Quick Start
Creating Components
Using Components
Communicating with Events
Creating Apps
App Overview
Designing App UI
Creating App Templates
Developing Secure Code
Validations for Lightning Component Code
Validation When You Save Code Changes
Validation During Development Using the Salesforce CLI
Review and Resolve Validation Errors and Warnings
Lightning Component Validation Rules
Validation Rules Used at Save Time
Validate JavaScript Intrinsic APIs (ecma-intrinsics)
Validate Aura API (aura-api)
Validate Lightning Component Public API (secure-component)
Validate Secure Document Public API (secure-document)
Validate Secure Window Public API (secure-window)
Disallow Use of caller and callee (no-caller)
Disallow Use of eval() (no-eval)
Disallow Implied Use of eval() (no-implied-eval)
Disallow Script URLs (no-script-url)
Disallow Extending Native Objects (no-extend-native)
Disallow Use of Function Constructor (no-new-func)
Disallow Calling Global Object Properties as Functions (no-obj-calls)
Disallow Use of __iterator__ Property (no-iterator)
Disallow Use of __proto__ (no-proto)
Disallow with Statements (no-with)
Salesforce Lightning CLI (Deprecated)
Styling Apps
Using JavaScript
JavaScript Cookbook
Using Apex
Lightning Data Service
Lightning Container
Controlling Access
Using Object-Oriented Development
Using the AppCache
Distributing Applications and Components
Debugging
Fixing Performance Warnings
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Validate Secure Window Public API (secure-window)

This rule validates that only supported functions and properties of the window global are accessed.
When LockerService is enabled, the framework prevents the use of unsupported API objects or calls. That means your Lightning components code is allowed to use:
  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Lightning Component framework
  • Published, supported features built into LockerService SecureObject objects

Prior to LockerService, when you accessed the window global, you could call any function and access any property available. When LockerService is enabled, the window global is “wrapped” by a new SecureWindow object, which controls access to window and its functions and properties. SecureWindow restricts you to using only “safe” features of the window global.

Further Reading