Newer Version Available

This content describes an older version of this product. View Latest

Validate Secure Window Public API ( secure-window ) )

This rule validates that only supported functions and properties of the window global are accessed.

When Lightning Locker is enabled, the framework prevents the use of unsupported API objects or calls. That means your Aura components code is allowed to use:

  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Aura Components programming model.
  • Published, supported features built into Lightning Locker SecureObject objects

Prior to Lightning Locker, when you accessed the window global, you could call any function and access any property available. When Lightning Locker is enabled, the window global is “wrapped” by a new SecureWindow object, which controls access to window and its functions and properties. SecureWindow restricts you to using only “safe” features of the window global.