Title: Locker service and lightening components
1(No Transcript)
2What is LockerService ?
- LockerService brings multi-tenancy to the
browsers. This is done by sandboxing of code and
isolation of elements, thereby setting them
apart from the rest of the system. Locker acts as
a Virtual iframe that helps to bring all the
security benefits - minus the drawbacks of UI
for an iframe. - LockerService for businesses are enabled for
components with API version 39.0 and lower. - Consequently, the Locker issues may simply stop
the components or the Lightning page - with
Locker services enforced by Salesforce. Here is
an use case on enforcement of LockerService on
Lightning component.
3What are the security benefits of Locker
Services?
- Locker source is open-source Javascript files
maintained by Salesforce. - When Single Page Applications (SPAs) are built
using Lightning components, then Security can be
enforced by LockerServices. - Locker makes use of Content Security Policy (CSP)
of the browser. - Next, we speak about Locker Compliance and
reworking of LCs.
4Locker Compliance and reworking of LCs.
- The Salesforce admin or the developer can enable
the Locker services with critical updates and
test the component/application - whether it is
functional. - Next we move to CSP Policy, that is implemented
in the modern applications.
5How to implement CSP in the modern applications ?
CSP is supported by all the modern browsers -
Firefox, Chrome, Safari and others. CSP can be
enforced by an HTTP header, rule pattern and a
name. A ruleset defined browser can be used for
prevention webpage downloading of malicious
content from unknown sources.
CSP is supported by all the modern browsers -
Firefox, Chrome, Safari and others. CSP can be
enforced by an HTTP header, rule pattern and a
name. A ruleset defined browser can be used for
prevention webpage downloading of malicious
content from unknown sources.
How to implement CSP in the modern applications ?
- The LC code can be broken under Locker, let us
now find the causes for that.
The LC code can be broken under Locker, let us
now find the causes for that.
6What are the Causes for broken LC Code in Locker
?
- The causes for broken LC code are as follows
- ESS Strict Mode Compliance of Javascript
- Third-party libraries not locker-compliant
- Loading Images or JS libraries from CDN or an
external website.
7You need to check with Javascript strict mode
rules from
https//developer.mozilla.org/en-US/docs/Web/JavaS
cript/Reference/Strict_mode
ESS Strict Mode Compliance Of Javascript
8Third-party libraries not locker-compliant
- One must ensure that any third-party libraries
must be checked for working in Locker Service.
9Loading Images or JS libraries from CDN or an
external website
- The assets and images must be ensured to be
loaded by loading from Salesforce Strict
Resources only.
10THANK YOU