Lightning Web Security

Lightning Web Security (LWS) is a security architecture that’s designed to make it easier for your Lightning components to use secure coding practices. LWS is enabled by default for all orgs created in Winter ’23 and later. As of Summer ’23, LWS for Lightning web components and Aura components is generally available for all orgs. Previously, Lightning Locker was the default security architecture for Lightning components.

Lightning Web Security is modeled after the latest TC39 standards to provide innovative usable security for any UI component. This approach enables teams to safely use code from third parties without fear of threats such as cross-site scripting (XSS) attacks. The result is a more secure way to control the execution of code within the UI layer without forcing developers to jump through hoops or abandon desired functionality.

The good news is that LWS doesn’t require refactoring your Lightning component code because your code already abides by the security practices that Lightning Locker also requires. Most existing Lightning components seamlessly work when you enable LWS.

Even better news is you have the option to refactor your code so that your components can take advantage of LWS-only features. Your components run in an isolated JavaScript environment dedicated to your namespace, but they can import components and modules from other namespaces as if they’re all running in the same environment. The namespace isolation is transparent to the components because the architecture takes care of it seamlessly for you. As a result, some of the restrictions that your components observe when running in Lightning Locker aren’t necessary in Lightning Web Security.

To get started with LWS, review these topics.

See Also

Release Preview

This release is in preview. Features described here don't become generally available until the latest general availability date that Salesforce announces for this release. Before then, and where features are noted as beta, pilot, or developer preview, we can't guarantee general availability within any particular time frame or at all. Make your purchase decisions only on the basis of generally available products and features.