Locker service and lightening components - PowerPoint PPT Presentation

About This Presentation
Title:

Locker service and lightening components

Description:

Locker source is open-source Javascript files maintained by Salesforce. When Single Page Applications (SPAs) are built using Lightning components, then Security can be enforced by LockerServices. – PowerPoint PPT presentation

Number of Views:4
Slides: 11
Provided by: vivekshukla
Category:

less

Transcript and Presenter's Notes

Title: Locker service and lightening components


1
(No Transcript)
2
What is LockerService ?
  • LockerService brings multi-tenancy to the
    browsers. This is done by sandboxing of code and
    isolation of elements, thereby setting them
    apart from the rest of the system. Locker acts as
    a Virtual iframe that helps to bring all the
    security benefits - minus the drawbacks of UI
    for an iframe.
  • LockerService for businesses are enabled for
    components with API version 39.0 and lower.
  • Consequently, the Locker issues may simply stop
    the components or the Lightning page - with
    Locker services enforced by Salesforce. Here is
    an use case on enforcement of LockerService on
    Lightning component.

3
What are the security benefits of Locker
Services?
  • Locker source is open-source Javascript files
    maintained by Salesforce.
  • When Single Page Applications (SPAs) are built
    using Lightning components, then Security can be
    enforced by LockerServices.
  • Locker makes use of Content Security Policy (CSP)
    of the browser.
  • Next, we speak about Locker Compliance and
    reworking of LCs.

4
Locker Compliance and reworking of LCs.
  • The Salesforce admin or the developer can enable
    the Locker services with critical updates and
    test the component/application - whether it is
    functional.
  • Next we move to CSP Policy, that is implemented
    in the modern applications.

5
How to implement CSP in the modern applications ?
CSP is supported by all the modern browsers -
Firefox, Chrome, Safari and others. CSP can be
enforced by an HTTP header, rule pattern and a
name. A ruleset defined browser can be used for
prevention webpage downloading of malicious
content from unknown sources.

CSP is supported by all the modern browsers -
Firefox, Chrome, Safari and others. CSP can be
enforced by an HTTP header, rule pattern and a
name. A ruleset defined browser can be used for
prevention webpage downloading of malicious
content from unknown sources.

How to implement CSP in the modern applications ?
  • The LC code can be broken under Locker, let us
    now find the causes for that.

The LC code can be broken under Locker, let us
now find the causes for that.
6
What are the Causes for broken LC Code in Locker
?
  • The causes for broken LC code are as follows
  • ESS Strict Mode Compliance of Javascript
  • Third-party libraries not locker-compliant
  • Loading Images or JS libraries from CDN or an
    external website.

7
You need to check with Javascript strict mode
rules from
https//developer.mozilla.org/en-US/docs/Web/JavaS
cript/Reference/Strict_mode
ESS Strict Mode Compliance Of Javascript
8
Third-party libraries not locker-compliant
  • One must ensure that any third-party libraries
    must be checked for working in Locker Service.

9
Loading Images or JS libraries from CDN or an
external website
  • The assets and images must be ensured to be
    loaded by loading from Salesforce Strict
    Resources only.

10
THANK YOU
Write a Comment
User Comments (0)
About PowerShow.com