Developing Secure Code
Aura components have a client-side security architecture that helps protect your
custom components by automatically blocking or modifying any insecure behavior of
APIs. This layer prevents components from accessing data that belongs to platform
code or components from other namespaces without explicit permission.
To learn how to build components that work with Lightning Web Security (LWS) or the legacy architecture Lightning Locker, see the Security for Lightning Components guide.
The framework also uses JavaScript strict mode to turn on native security features in the browser, and Content Security Policy (CSP) rules to control the source of content that can be loaded on a page.