The Salesforce Developers website will undergo maintenance on May 29, 2024 from 3:00 a.m. UTC to 10:00 a.m. UTC. The maintenance process may affect the availability of our documentation. Please plan accordingly.

Secure Wrappers

For security, Lightning Locker restricts the use of global objects by hiding an object or by wrapping it in a secure version of the object. For example, the secure version of window is SecureWindow. Locker intercepts calls to window and uses SecureWindow instead.

To see which APIs are supported by the SecureWindow, SecureDocument, and SecureElement wrappers, use the Locker API Viewer tool.

SecureWindow

Available: Lightning Web Components and Aura Components

Secure wrapper for the window object, which represents a window containing a DOM document.

If a Lightning web component and an Aura component belong to the same namespace, they share the same SecureWindow instance.

SecureDocument

Available: Lightning Web Components and Aura Components

Secure wrapper for the document object, which represents the root node of the HTML document or page. The document object is the entry point into the page’s content, which is the DOM tree.

If a Lightning web component and an Aura component belong to the same namespace, they share the same SecureDocument instance.

SecureObject

Available: Lightning Web Components and Aura Components

Secure wrapper for an object that is wrapped by Lightning Locker. When you see a SecureObject, it typically means that you don’t have access to the underlying object and its properties aren’t available.

SecureElement

Available: Lightning Web Components and Aura Components

Secure wrapper for the element object, which represents various HTML elements.

If a Lightning web component and an Aura component belong to the same namespace, they share the same SecureElement instance.

Lightning web components additionally use the SecureLightningElement wrapper.

SecureLightningElement

Available: Lightning Web Components

Secure wrapper for the LightningElement base class. Lightning web components extend the LightningElement base class, and at runtime Locker switches the class with SecureLightningElement. When you create a Lightning web component, do not extend SecureLightningElement directly.

These APIs are not supported.

SecureTemplate

Available: Lightning Web Components

Secure wrapper for the template object, which represents a shadowRoot node.

These APIs are not supported.

Lightning Web Security doesn't use wrappers. It uses API distortions in JavaScript sandboxes to selectively modify APIs that enable non-secure behaviors.