Security for Lightning Components
Develop secure code for custom Lightning web components (LWC) and Aura components. Learn how to build components that work with Lightning Web Security (LWS) or with the legacy architecture, Lightning Locker. Understand the Stricter Content Security Policy (CSP) setting and the enforcement of JavaScript strict mode.
Key Features
  • Enforce Secure Coding Practices
    Prevent components from accessing data that belongs to platform code or to components from other namespaces without explicit permission. Automatically block or modify the behavior of APIs that aren’t secure.
  • Evaluate JavaScript Compatibility
    Use the LWS or Locker Console to check your JavaScript code’s compatibility with each security architecture. Compare how a component runs with LWS or Lightning Locker enabled and disabled.
  • Enable Stricter Content Security Policy (CSP)
    The Lightning Component framework uses CSP to control the source of content that can be loaded on a page, regardless of whether LWS or Lightning Locker is enabled. Further mitigate the risk of cross-site scripting and other code injection attacks by ensuring that the Stricter CSP setting is enabled.