Lightning Aura Components Developer Guide

Introducing Aura Components
Quick Start
Creating Components
Component Names
Create Aura Components in the Developer Console
Create Aura Components Using Salesforce CLI
Component Markup
Component Namespace
Component Bundles
Component IDs
HTML in Components
CSS in Components
Component Attributes
Using Expressions
Component Composition
Component Body
Component Facets
Controlling Access
Using Object-Oriented Development
Best Practices for Conditional Markup
Aura Component Versioning for Managed Packages
Base Components with Minimum API Version Requirements
Validations for Aura Component Code
Validation When You Save Code Changes
Validation During Development Using ESLint
Aura Component Validation Rules
Validation Rules Used at Save Time
Validate JavaScript Intrinsic APIs ( ecma-intrinsics ) )
Validate Aura API ( aura-api ) )
Validate Aura Component Public API ( secure-component ) )
Validate Secure Document Public API ( secure-document ) )
Validate Secure Window Public API ( secure-window ) )
Disallow Use of caller and and callee ( ( no-caller ) )
Disallow Script URLs ( no-script-url ) )
Disallow Extending Native Objects ( no-extend-native ) )
Disallow Calling Global Object Properties as Functions ( no-obj-calls ) )
Disallow Use of __iterator__ Property ( Property ( no-iterator ) )
Disallow Use of __proto__ ( ( no-proto ) )
Disallow with Statements ( Statements ( no-with ) )
Using Labels
Localization
Working with Lightning Base Components
Supporting Accessibility
Writing Documentation for the Component Library
Using Components
Communicating with Events
Communicating Across the DOM with Lightning Message Service
Creating Apps
Styling Apps
Developing Secure Code
Using JavaScript
Working with Salesforce Data
Testing Components
Debugging
Performance
Reference
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Validate Secure Window Public API ( secure-window ) )

This rule validates that only supported functions and properties of the window global are accessed.

When Lightning Locker is enabled, the framework prevents the use of unsupported API objects or calls. That means your Aura components code is allowed to use:

  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Aura Components programming model.
  • Published, supported features built into Lightning Locker SecureObject objects

Prior to Lightning Locker, when you accessed the window global, you could call any function and access any property available. When Lightning Locker is enabled, the window global is “wrapped” by a new SecureWindow object, which controls access to window and its functions and properties. SecureWindow restricts you to using only “safe” features of the window global.