Third-Party Web Components With Lightning Locker

Lightning Locker blocks the use of third-party web components to prevent security risks on the Salesforce platform.

Web components are custom elements. To define a custom element, you must use the customElements.define API. However, this API allows you to globally register a component by its tag name. Registering a tag name globally is a security risk because an attacker could create an instance of any registered custom element and potentially gain access to sensitive information. Lightning Locker’s SecureWindow wrapper blocks the customElements methods that create custom web components.

The SecureWindow wrapper list in the Locker API Viewer tool shows that customElements is not supported.