Lightning Components Developer Guide
jSummer '26 (API version 67.0)
Spring '26 (API version 66.0)
Winter '26 (API version 65.0)
Summer '25 (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
App Overview
Designing App UI
Creating App Templates
JavaScript ES5 Strict Mode Enforcement
Access to Supported JavaScript API Framework Methods Only
What Does LockerService Affect?
Disabling LockerService for a Component
Don’t Mix Component API Versions
LockerService Disabled for Unsupported Browsers
Using the AppCache
Distributing Applications and Components
Newer Version Available
What is LockerService?
LockerService is a powerful security architecture for Lightning components. LockerService enhances security by isolating Lightning components in their own
namespace. LockerService also promotes best practices that improve the supportability of your
code by only allowing access to supported APIs and eliminating access to non-published
framework internals.
-
JavaScript ES5 Strict Mode Enforcement
LockerService implicitly enables JavaScript ES5 strict mode. You don’t need to specify "use strict" in your code. JavaScript strict mode makes code more robust and supportable. For example, it throws some errors that would otherwise be suppressed. -
DOM Access Containment
A component can only traverse the DOM and access elements created by a component in the same namespace. This behavior prevents the anti-pattern of reaching into DOM elements owned by components in another namespace. -
Secure Wrappers for Global References
LockerService applies restrictions to global references. LockerService provides secure versions of non-intrinsic objects, such as window. For example, the secure version of window is SecureWindow. You can interact with a secure wrapper in the same way as you interact with the non-intrinsic object, but the secure wrappers filter access to the object and its properties. The secure wrappers expose a subset of the API of the underlying objects. -
Access to Supported JavaScript API Framework Methods Only
You can access published, supported JavaScript API framework methods only. These methods are published in the reference doc app at https://<myDomain>.lightning.force.com/auradocs/reference.app, where <myDomain> is the name of your custom Salesforce domain. Previously, unsupported methods were accessible, which exposed your code to the risk of breaking when unsupported methods were changed or removed. -
What Does LockerService Affect?
Find out what’s affected and what’s not affected by LockerService. -
Disabling LockerService for a Component
You can disable LockerService for a component by setting API version 39.0 or lower for the component. If a component is set to at least API version 40.0, LockerService is enabled. API version 40.0 corresponds to Summer ’17, when LockerService was enabled for all orgs. -
Don’t Mix Component API Versions
For consistency and ease of debugging, we recommend that you set the same API version for all custom components in your app, containment hierarchy (component within component), or extension hierarchy (component extending component). -
LockerService Disabled for Unsupported Browsers
LockerService relies on some JavaScript features in the browser: support for strict mode, the Map object, and the Proxy object. If a browser doesn’t meet the requirements, LockerService can’t enforce all its security features and is disabled.