Lightning Components Developer Guide

What is the Lightning Component Framework?
Quick Start
Creating Components
Using Components
Communicating with Events
Creating Apps
App Overview
Designing App UI
Creating App Templates
Developing Secure Code
Validations for Lightning Component Code
Validation When You Save Code Changes
Validation During Development Using the Salesforce CLI
Review and Resolve Validation Errors and Warnings
Lightning Component Validation Rules
Validation Rules Used at Save Time
Validate JavaScript Intrinsic APIs (ecma-intrinsics)
Validate Aura API (aura-api)
Validate Lightning Component Public API (secure-component)
Validate Secure Document Public API (secure-document)
Validate Secure Window Public API (secure-window)
Disallow Use of caller and callee (no-caller)
Disallow Use of eval() (no-eval)
Disallow Implied Use of eval() (no-implied-eval)
Disallow Script URLs (no-script-url)
Disallow Extending Native Objects (no-extend-native)
Disallow Use of Function Constructor (no-new-func)
Disallow Calling Global Object Properties as Functions (no-obj-calls)
Disallow Use of __iterator__ Property (no-iterator)
Disallow Use of __proto__ (no-proto)
Disallow with Statements (no-with)
Salesforce Lightning CLI (Deprecated)
Styling Apps
Using JavaScript
JavaScript Cookbook
Using Apex
Lightning Data Service
Lightning Container
Controlling Access
Using Object-Oriented Development
Using the AppCache
Distributing Applications and Components
Debugging
Fixing Performance Warnings
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Validation Rules Used at Save Time

The following rules are used for validations that are done when you save your Lightning component code.

Validation failures for any of these rules prevents saving changes to your code.

Lightning Platform Rules

These rules are specific to Lightning component JavaScript code. These custom rules are written and maintained by Salesforce.

Validate Aura API (aura-api)
This rule verifies that use of the framework APIs is according to the published documentation. The use of undocumented or private features is disallowed.
Validate Secure Document Public API (secure-document)
This rule validates that only supported functions and properties of the document global are accessed.
Validate Secure Window Public API (secure-window)
This rule validates that only supported functions and properties of the window global are accessed.

General JavaScript Rules

These rules are general JavaScript rules, which enforce basic correct use of JavaScript required for Lightning components. These rules are built into the ESLint tool.

Disallow Use of caller and callee (no-caller)
Prevent the use of arguments.caller and arguments.callee. These are also forbidden in ECMAScript 5 and later when in strict mode, which is enabled under LockerService.
Disallow Use of eval() (no-eval)
Prevent the use of eval() to execute arbitrary code. eval() represents a significant security risk, and is forbidden under LockerService.
Disallow Extending Native Objects (no-extend-native)
Prevent changing the behavior of built-in JavaScript objects, such as Object or Array, by modifying their prototypes.
Disallow Implied Use of eval() (no-implied-eval)
Prevent the indirect use of eval() by passing code as a string to built-in functions that will evaluate it, such as setTimeout(). Pass in a real function instead.
Disallow Use of __iterator__ Property (no-iterator)
Prevents using the obsolete __iterator__ property. Use standard JavaScript iterators and generators instead.
Disallow Use of Function Constructor (no-new-func)
Prevents the creation of new functions using the Function() constructor. This is a non-standard, hard to read, and therefore terrible practice. It also requires parsing a string as code in much the same way eval() does.
Disallow Calling Global Object Properties as Functions (no-obj-calls)
Prevents calling the Math, JSON, and Reflect global objects as though they were functions. For example, Math() is disallowed. This follows the ECMAScript 5 specification.
Disallow Use of __proto__ (no-proto)
Prevents using the obsolete __proto__ property, which was deprecated in ECMAScript 3.1. Use Object.getPrototypeOf() instead.
Disallow Script URLs (no-script-url)
Prevents the use of javascript: URLs, which is yet another way to try to eval() a string.
Disallow with Statements (no-with)
Prevents using with statements, which adds members of an object to the current scope in a way that makes it hard to predict or view impact or behavior.