Lightning Components Developer Guide

What is the Lightning Component Framework?
Quick Start
Creating Components
Component Names
Create Lightning Components in the Developer Console
Component Markup
Component Namespace
Component Bundles
Component IDs
HTML in Components
CSS in Components
Component Attributes
Component Composition
Component Body
Component Facets
Controlling Access
Using Object-Oriented Development
Best Practices for Conditional Markup
Component Versioning
Components with Minimum API Version Requirements
Validations for Lightning Component Code
Validation When You Save Code Changes
Validation During Development Using the Salesforce CLI
Review and Resolve Validation Errors and Warnings
Lightning Component Validation Rules
Validation Rules Used at Save Time
Validate JavaScript Intrinsic APIs (ecma-intrinsics)
Validate Aura API (aura-api)
Validate Lightning Component Public API (secure-component)
Validate Secure Document Public API (secure-document)
Validate Secure Window Public API (secure-window)
Disallow Use of caller and callee (no-caller)
Disallow Script URLs (no-script-url)
Disallow Extending Native Objects (no-extend-native)
Disallow Calling Global Object Properties as Functions (no-obj-calls)
Disallow Use of __iterator__ Property (no-iterator)
Disallow Use of __proto__ (no-proto)
Disallow with Statements (no-with)
Salesforce Lightning CLI (Deprecated)
Using Expressions
Using Labels
Localization
Providing Component Documentation
Working with Base Lightning Components
Working with UI Components
Supporting Accessibility
Using Components
Communicating with Events
Creating Apps
Styling Apps
Developing Secure Code
Using JavaScript
Using Apex
Lightning Data Service
Testing Components with Lightning Testing Service
Debugging
Performance
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Validate Lightning Component Public API (secure-component)

This rule validates that only public, supported framework API functions and properties are used.
When Locker Service is enabled, the framework prevents the use of unsupported API objects or calls. That means your Lightning components code is allowed to use:
  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Lightning Component framework
  • Published, supported features built into Locker Service SecureObject objects

Prior to Locker Service, when you created or obtained a reference to a component, you could call any function and access any property available on that component, even if it wasn’t public. When Locker Service is enabled, components are “wrapped” by a new SecureComponent object, which controls access to the component and its functions and properties. SecureComponent restricts you to using only published, supported component API.

Rule Details

The reference doc app lists the API for SecureComponent. Access the reference doc app at:

https://<myDomain>.lightning.force.com/auradocs/reference.app, where <myDomain> is the name of your custom Salesforce domain.

The API for SecureComponent is listed at JavaScript API | Component.