Lightning Components Developer Guide
Summer '26 (API version 67.0)
Spring '26 (API version 66.0)
Winter '26 (API version 65.0)
Summer '25 (API version 64.0)
Spring '25 (API version 63.0)
Winter '25 (API version 62.0)
Summer '24 (API version 61.0)
Spring '24 (API version 60.0)
Winter '24 (API version 59.0)
Summer '23 (API version 58.0)
Spring '23 (API version 57.0)
Winter '23 (API version 56.0)
Summer '22 (API version 55.0)
Spring '22 (API version 54.0)
Winter '22 (API version 53.0)
Summer '21 (API version 52.0)
Spring '21 (API version 51.0)
Winter '21 (API version 50.0)
Summer '20 (API version 49.0)
Spring '20 (API version 48.0)
Winter '20 (API version 47.0)
Summer '19 (API version 46.0)
Spring '19 (API version 45.0)
Winter '19 (API version 44.0)
Summer '18 (API version 43.0)
Spring '18 (API version 42.0)
Winter '18 (API version 41.0)
Summer '17 (API version 40.0)
Spring '17 (API version 39.0)
Winter '17 (API version 38.0)
Summer '16 (API version 37.0)
Spring '16 (API version 36.0)
Winter '16 (API version 35.0)
Summer '15 (API version 34.0)
Spring '15 (API version 33.0)
Winter '15 (API version 32.0)
JavaScript ES5 Strict Mode Enforcement
Access to Supported JavaScript API Framework Methods Only
What Does Locker Service Affect?
Disabling Locker Service for a Component
Don’t Mix Component API Versions
Locker Service Disabled for Unsupported Browsers
Newer Version Available
What is Locker Service?
Locker Service is a powerful security architecture for Lightning components. Locker Service enhances security by isolating Lightning components that belong to one
namespace from components in a different namespace. Locker Service also promotes best
practices that improve the supportability of your code by only allowing access to supported
APIs and eliminating access to non-published framework internals.
-
JavaScript ES5 Strict Mode Enforcement
Locker Service implicitly enables JavaScript ES5 strict mode. You don’t need to specify "use strict" in your code. JavaScript strict mode makes code more secure, robust and supportable. -
DOM Access Containment
A component can only traverse the DOM and access elements created by a component in the same namespace. This behavior prevents the anti-pattern of reaching into DOM elements owned by components in another namespace. -
Secure Wrappers
Locker Service applies restrictions to global objects by hiding the objects or providing secure versions of those objects. For example, the secure version of window is SecureWindow. You can interact with the secure version in the same way you interact with the non-secure one, except that some methods and properties are filtered, and others are hidden. -
Access to Supported JavaScript API Framework Methods Only
You can access published, supported JavaScript API framework methods only. These methods are published in the reference doc app at https://<myDomain>.lightning.force.com/auradocs/reference.app, where <myDomain> is the name of your custom Salesforce domain. Previously, unsupported methods were accessible, which exposed your code to the risk of breaking when unsupported methods were changed or removed. -
What Does Locker Service Affect?
Find out what’s affected and what’s not affected by Locker Service. -
Disabling Locker Service for a Component
You can disable Locker Service for a component by setting API version 39.0 or lower for the component. If a component is set to at least API version 40.0, Locker Service is enabled. API version 40.0 corresponds to Summer ’17, when Locker Service was enabled for all orgs. -
Don’t Mix Component API Versions
For consistency and ease of debugging, we recommend that you set the same API version for all custom components in your app, containment hierarchy (component within component), or extension hierarchy (component extending component). -
Locker Service Disabled for Unsupported Browsers
Locker Service relies on some JavaScript features in the browser: support for strict mode, the Map object, and the Proxy object. If a browser doesn’t meet the requirements, Locker Service can’t enforce all its security features and is disabled.