This document provides an introduction and overview of Salesforce's Locker Service. It explains that Locker Service was introduced to enhance security for Lightning Components by preventing cross-site scripting attacks and restricting component access. It discusses how Locker Service affects components by enabling strict mode, restricting access between components in different namespaces, and securing global objects. It also provides information on disabling Locker Service and notes that Locker Service does not affect Visualforce or classic pages.
3. Today’s Agenda
• Introduction to Locker Service
• Why Salesforce introduced Locker Service
• How things are affected by Locker Service
• Disabling Locker Service
4. Meet Steve
Steve is working as a Salesforce Consultant at a good company.
But Steve doesn’t know about Locker Service.
For any problem in Lightning components, Steve used to say to the client: “It’s all because of Locker Service”
Steve made a decision to learn Locker Service.
5. “Locker Service is a powerful security architecture for Lightning Components”
7. “Customers don't measure you on how hard you tried, they measure you on what you deliver”
- Steve Jobs
8. Why Salesforce introduced Locker Service?
1. To prevent XSS and other security issues
2. To prevent components from having unrestricted access to other components’ rendered data
3. To prevent components from calling undocumented/private APIs
4. To enhance security of JS code by following best practices
9. How things are affected by Locker Service?
1. Locker Service implicitly enables JavaScript ES5 strict mode
2. When Locker Service is enabled, a Lightning component can only access the data rendered by another Lightning component if that component is also in the same namespace
3. Locker Service provides secure wrappers of all the global objects, such as window and document. In the secure wrappers, some methods and properties are filtered, others are hidden
4. Salesforce Classic, Visualforce-based communities etc. are not affected by Locker Service
5. If a Lightning component is used in Visualforce, it is affected by Locker Service
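Point 1 above in runnable form, as an added example that is not part of the original slides or the demo repository: each constructed snippet is run once as sloppy-mode code and once with the "use strict" directive, showing which common patterns start throwing once strict mode is enforced. The helper names (runBothModes, strictModeReport) are illustrative, and the code runs in plain Node.js, not inside a Lightning component.

```javascript
// Run the same function body twice: as sloppy-mode code and with the
// "use strict" directive that strict-mode enforcement effectively adds.
// Functions built with the Function constructor are sloppy unless they opt in.
function runBothModes(body) {
  const attempt = (src) => {
    try {
      return { ok: true, value: new Function(src)() };
    } catch (e) {
      return { ok: false, error: e.name };
    }
  };
  return { sloppy: attempt(body), strict: attempt('"use strict";\n' + body) };
}

// Constructed snippets (not taken from the slides) of patterns seen in older component code.
const cases = {
  // Assigning to an undeclared variable silently creates a global in sloppy mode.
  implicitGlobal:
    'leakedCounter = 1; const v = leakedCounter; delete globalThis.leakedCounter; return v;',
  // `this` in a plain call is the global object in sloppy mode, undefined in strict mode.
  thisInPlainCall: 'function f() { return this === undefined; } return f();',
  // Writes to a read-only property are silently ignored in sloppy mode.
  readOnlyWrite: 'const o = Object.freeze({ id: 1 }); o.id = 2; return o.id;',
  // Duplicate parameter names are a SyntaxError in strict mode.
  duplicateParams: 'function g(a, a) { return a; } return g(1, 2);',
  // arguments.callee is forbidden in strict mode.
  argumentsCallee: 'return (function () { return typeof arguments.callee; })();',
};

function strictModeReport() {
  const report = {};
  for (const [name, body] of Object.entries(cases)) {
    report[name] = runBothModes(body);
  }
  return report;
}

console.log(JSON.stringify(strictModeReport(), null, 2));
```

Patterns that fail only in the strict column are the ones to look for first when a component misbehaves after Locker Service is enabled for it.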
11. Disabling Locker Service
1. You can disable Locker Service for a component by setting API version 39.0 or lower for the component
2. Locker Service is disabled for any component created before Summer’17 and for unsupported browsers such as IE11
3. Don’t mix component API versions: if Locker Service is enabled for a child component and disabled for the parent component, or vice versa, you may run into issues
12. Now Steve knows about Locker Service and is able to meet the customer’s expectations
13. Boilerplate code and My references
GitHub Repository
The GitHub repository contains the whole code of this demo, which you can use and customize:
https://github.com/rahulmalhotra/DF18LockerService
SFDC Stop Blog
For the detailed explanation and video of the same, visit my blog at the link given below:
https://sfdcstop.blogspot.com/2018/09/df18lockerservice.html
Presentation
This presentation will be available at the SlideShare link given below:
https://www.slideshare.net/RahulMalhotra98/dreamforce-2018-locker-service
14. Deep dive into Locker Service
• Salesforce Developer Documentation: https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/security_code.htm
• Locker Service API: http://documentation.auraframework.org/lockerApiTest/index.app?aura.mode=DEV
• Trailhead: https://trailhead.salesforce.com/en/modules/security-for-lightning-components