Sanitization by LWS

LWS sanitizes content strings in HTML and SVG elements used in your Lightning components. LWS examines the strings and removes content that poses a potential security risk. This sanitization process protects against cross-site scripting (XSS) attacks.

LWS uses an allowlist of elements and attributes that can remain in the DOM tree after sanitization.

LWS distortions on properties such as innerHTML and setHTML perform sanitization of strings. LWS can apply multiple distortions to some elements to prevent unsafe behavior and remove unsafe content.
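
The allowlist approach described above, shown as an added sketch that is not LWS code: it walks a constructed object model of a parsed tree and keeps only elements and attributes that appear on an allowlist. The allowlist contents, the URL-scheme check, and the names sanitizeNode and sanitizeTree are assumptions for illustration, not the lists or functions LWS uses.

```javascript
// Added illustration of allowlist sanitization; NOT the LWS implementation.
// Allowlist contents are assumptions chosen for this demo.
const ALLOWED_ELEMENTS = new Set(["div", "p", "span", "a", "img", "svg", "circle"]);
const ALLOWED_ATTRIBUTES = new Set(["class", "href", "src", "alt", "r", "cx", "cy"]);
const URL_ATTRIBUTES = new Set(["href", "src"]);
// URL values must start with an allowed scheme or be root-relative/fragment.
const SAFE_URL = /^(https?:|mailto:|\/|#)/i;

// A node is a string (text) or { tag, attrs, children }: a constructed
// stand-in for a parsed DOM tree, so the example runs without a browser.
function sanitizeNode(node, removed) {
  if (typeof node === "string") return node;
  const tag = node.tag.toLowerCase();
  if (!ALLOWED_ELEMENTS.has(tag)) {
    removed.push(`<${tag}>`);
    return null; // unknown element: drop it together with its subtree
  }
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    const key = name.toLowerCase();
    const urlOk = !URL_ATTRIBUTES.has(key) || SAFE_URL.test(String(value).trim());
    if (ALLOWED_ATTRIBUTES.has(key) && urlOk) attrs[key] = value;
    else removed.push(`${tag}[${key}]`); // not allowlisted, or unsafe URL
  }
  const children = (node.children || [])
    .map((child) => sanitizeNode(child, removed))
    .filter((child) => child !== null);
  return { tag, attrs, children };
}

// Returns the sanitized tree plus a report of everything that was removed.
function sanitizeTree(root) {
  const removed = [];
  return { tree: sanitizeNode(root, removed), removed };
}

// Constructed sample input mixing safe and unsafe content.
const sample = {
  tag: "div",
  attrs: { class: "card", onclick: "track()" },
  children: [
    { tag: "img", attrs: { src: "/logo.png", onerror: "alert(1)" }, children: [] },
    { tag: "a", attrs: { href: "javascript:alert(1)" }, children: ["link"] },
    { tag: "script", attrs: {}, children: ["alert(1)"] },
    { tag: "p", attrs: {}, children: ["hello"] },
  ],
};

console.log(JSON.stringify(sanitizeTree(sample), null, 2));
```

Because the check is an allowlist, event-handler attributes and the script element are removed without the code having to name them.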