SlideShare a Scribd company logo

Javascript Security and Lightning Locker Service

Salesforce Developers
Salesforce Developers

This session will introduce Locker Service, a new feature of the Lightning Component Framework which serves to manage JavaScript security while rendering Lightning applications. Get the background on why Locker Service is necessary, what you'll need to know to implement and the advantages it offers the platform.

Software
1 of 17
Download to read offline
JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
JavaScript Security
● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
XSS DEMO
● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
Introducing LockerService
LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning
Questions?
thank y u
Javascript Security and Lightning Locker Service

Recommended

Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerSalesforce Developers
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeSalesforce Developers
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced FeaturesSalesforce Developers
 
Building a Single Page App with Lightning Components
Building a Single Page App with Lightning ComponentsBuilding a Single Page App with Lightning Components
Building a Single Page App with Lightning ComponentsSalesforce Developers
 
Build Better Communities with Lightning
Build Better Communities with LightningBuild Better Communities with Lightning
Build Better Communities with LightningSalesforce Developers
 
Modeling and Querying Data and Relationships in Salesforce
Modeling and Querying Data and Relationships in SalesforceModeling and Querying Data and Relationships in Salesforce
Modeling and Querying Data and Relationships in SalesforceSalesforce Developers
 
Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Mark Adcock
 
Diving Into Heroku Private Spaces
Diving Into Heroku Private SpacesDiving Into Heroku Private Spaces
Diving Into Heroku Private SpacesSalesforce Developers
 

Recommended

Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerSalesforce Developers
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeSalesforce Developers
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced FeaturesSalesforce Developers
 
Building a Single Page App with Lightning Components
Building a Single Page App with Lightning ComponentsBuilding a Single Page App with Lightning Components
Building a Single Page App with Lightning ComponentsSalesforce Developers
 
Build Better Communities with Lightning
Build Better Communities with LightningBuild Better Communities with Lightning
Build Better Communities with LightningSalesforce Developers
 
Modeling and Querying Data and Relationships in Salesforce
Modeling and Querying Data and Relationships in SalesforceModeling and Querying Data and Relationships in Salesforce
Modeling and Querying Data and Relationships in SalesforceSalesforce Developers
 
Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Secure Development on the Salesforce Platform - Part 3
Secure Development on the Salesforce Platform - Part 3Mark Adcock
 
Diving Into Heroku Private Spaces
Diving Into Heroku Private SpacesDiving Into Heroku Private Spaces
Diving Into Heroku Private SpacesSalesforce Developers
 
Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationSalesforce Developers
 
Lightning components performance best practices
Lightning components performance best practicesLightning components performance best practices
Lightning components performance best practicesSalesforce Developers
 
Lightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & BeyondLightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & BeyondSalesforce Developers
 
Building BOTS on App Cloud
Building BOTS on App CloudBuilding BOTS on App Cloud
Building BOTS on App CloudSalesforce Developers
 
Webinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce DeveloperWebinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce DeveloperSalesforce Developers
 
The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!Salesforce Developers
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsSalesforce Developers
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
 
Migrating Visualforce Pages to Lightning
Migrating Visualforce Pages to LightningMigrating Visualforce Pages to Lightning
Migrating Visualforce Pages to LightningSalesforce Developers
 
Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016Laura Meerkatz
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedSalesforce Developers
 
Mastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced VisualforceMastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced VisualforceSalesforce Developers
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersSalesforce Developers
 
Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI API Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI APISalesforce Developers
 
Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2Salesforce Developers
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Salesforce Developers
 
Snap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile AppsSnap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile AppsSalesforce Developers
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Embed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-insEmbed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-insSalesforce Developers
 
Mds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introMds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introDavid Scruggs
 
Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components WorkshopSalesforce Developers
 

More Related Content

What's hot

Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationSalesforce Developers
 
Lightning components performance best practices
Lightning components performance best practicesLightning components performance best practices
Lightning components performance best practicesSalesforce Developers
 
Lightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & BeyondLightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & BeyondSalesforce Developers
 
Webinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce DeveloperWebinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce DeveloperSalesforce Developers
 
The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!Salesforce Developers
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsSalesforce Developers
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
 
Migrating Visualforce Pages to Lightning
Migrating Visualforce Pages to LightningMigrating Visualforce Pages to Lightning
Migrating Visualforce Pages to LightningSalesforce Developers
 
Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016Laura Meerkatz
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedSalesforce Developers
 
Mastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced VisualforceMastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced VisualforceSalesforce Developers
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersSalesforce Developers
 
Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI API Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI APISalesforce Developers
 
Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2Salesforce Developers
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Salesforce Developers
 
Snap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile AppsSnap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile AppsSalesforce Developers
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforceMark Adcock
 
Embed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-insEmbed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-insSalesforce Developers
 
Mds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introMds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introDavid Scruggs
 

What's hot (20)

Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social Authentication
 
Lightning components performance best practices
Lightning components performance best practicesLightning components performance best practices
Lightning components performance best practices
 
Lightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & BeyondLightning Updates: Summer, Winter & Beyond
Lightning Updates: Summer, Winter & Beyond
 
Building BOTS on App Cloud
Building BOTS on App CloudBuilding BOTS on App Cloud
Building BOTS on App Cloud
 
Webinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce DeveloperWebinar: Build Apps Customers Love as a Salesforce Developer
Webinar: Build Apps Customers Love as a Salesforce Developer
 
The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!The Salesforce Einstein Product Team: Ask Us Anything!
The Salesforce Einstein Product Team: Ask Us Anything!
 
Real Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform EventsReal Time Integration with Salesforce Platform Events
Real Time Integration with Salesforce Platform Events
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
 
Migrating Visualforce Pages to Lightning
Migrating Visualforce Pages to LightningMigrating Visualforce Pages to Lightning
Migrating Visualforce Pages to Lightning
 
Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016Intro to Lightning Components - Dreamforce 2016
Intro to Lightning Components - Dreamforce 2016
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE Evolved
 
Mastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced VisualforceMastering Force.com: Advanced Visualforce
Mastering Force.com: Advanced Visualforce
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
 
Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI API Build custom user interfaces for your Salesforce data with the UI API
Build custom user interfaces for your Salesforce data with the UI API
 
Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2Coding Apps in the Cloud with Force.com - Part 2
Coding Apps in the Cloud with Force.com - Part 2
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17
 
Snap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile AppsSnap-in Service to Web and Mobile Apps
Snap-in Service to Web and Mobile Apps
 
Integrating with salesforce
Integrating with salesforceIntegrating with salesforce
Integrating with salesforce
 
Embed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-insEmbed Customer Support into your Apps with Snap-ins
Embed Customer Support into your Apps with Snap-ins
 
Mds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introMds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce intro
 

Viewers also liked

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsMike White
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudSalesforce Developers
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform APISalesforce Developers
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSalesforce Developers
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopSalesforce Developers
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Salesforce Developers
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Salesforce Developers
 
Reinvent your App Dev Lifecycle with Continuous Delivery on Heroku
Reinvent your App Dev Lifecycle with Continuous Delivery on HerokuReinvent your App Dev Lifecycle with Continuous Delivery on Heroku
Reinvent your App Dev Lifecycle with Continuous Delivery on HerokuSalesforce Developers
 
Secure Development on the Salesforce Platform - Part 2
Secure Development on the Salesforce Platform - Part 2Secure Development on the Salesforce Platform - Part 2
Secure Development on the Salesforce Platform - Part 2Salesforce Developers
 
Unlock the Value of your Salesforce Data at Scale with Heroku Connect
Unlock the Value of your Salesforce Data at Scale with Heroku ConnectUnlock the Value of your Salesforce Data at Scale with Heroku Connect
Unlock the Value of your Salesforce Data at Scale with Heroku ConnectSalesforce Developers
 
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in Practice
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in PracticeUnite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in Practice
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in PracticeSalesforce Developers
 
Scala - from "Hello, World" to "Heroku Scale"
Scala - from "Hello, World" to "Heroku Scale"Scala - from "Hello, World" to "Heroku Scale"
Scala - from "Hello, World" to "Heroku Scale"Salesforce Developers
 
Spice up Your Internal Portal with Visualforce and Twitter Bootstrap
Spice up Your Internal Portal with Visualforce and Twitter BootstrapSpice up Your Internal Portal with Visualforce and Twitter Bootstrap
Spice up Your Internal Portal with Visualforce and Twitter BootstrapSalesforce Developers
 

Viewers also liked (19)

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best Practices
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components Workshop
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with Actions
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App Cloud
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform API
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best Practices
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform Workshop
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for Developers
 
Exploring the Salesforce REST API
Exploring the Salesforce REST APIExploring the Salesforce REST API
Exploring the Salesforce REST API
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2
 
SLDS and Lightning Components
SLDS and Lightning ComponentsSLDS and Lightning Components
SLDS and Lightning Components
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1
 
Reinvent your App Dev Lifecycle with Continuous Delivery on Heroku
Reinvent your App Dev Lifecycle with Continuous Delivery on HerokuReinvent your App Dev Lifecycle with Continuous Delivery on Heroku
Reinvent your App Dev Lifecycle with Continuous Delivery on Heroku
 
Secure Development on the Salesforce Platform - Part 2
Secure Development on the Salesforce Platform - Part 2Secure Development on the Salesforce Platform - Part 2
Secure Development on the Salesforce Platform - Part 2
 
Unlock the Value of your Salesforce Data at Scale with Heroku Connect
Unlock the Value of your Salesforce Data at Scale with Heroku ConnectUnlock the Value of your Salesforce Data at Scale with Heroku Connect
Unlock the Value of your Salesforce Data at Scale with Heroku Connect
 
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in Practice
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in PracticeUnite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in Practice
Unite Customer-Facing Apps with a Salesforce Backend: Heroku Connect in Practice
 
Scala - from "Hello, World" to "Heroku Scale"
Scala - from "Hello, World" to "Heroku Scale"Scala - from "Hello, World" to "Heroku Scale"
Scala - from "Hello, World" to "Heroku Scale"
 
Spice up Your Internal Portal with Visualforce and Twitter Bootstrap
Spice up Your Internal Portal with Visualforce and Twitter BootstrapSpice up Your Internal Portal with Visualforce and Twitter Bootstrap
Spice up Your Internal Portal with Visualforce and Twitter Bootstrap
 

Similar to Javascript Security and Lightning Locker Service

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsElasticsearch
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceDeveloper Force
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexPeter Chittum
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsRitesh Aswaney
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceSalesforce Developers
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsSalesforce Developers
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectTom Gersic
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To LightningChris Bacon
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersSalesforce Developers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceJayant Jindal
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsSalesforce Developers
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxVkrish Peru
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 
Create a Hybrid Mobile App With the Salesforce Mobile SDK
Create a Hybrid Mobile App With the Salesforce Mobile SDKCreate a Hybrid Mobile App With the Salesforce Mobile SDK
Create a Hybrid Mobile App With the Salesforce Mobile SDKSalesforce Developers
 

Similar to Javascript Security and Lightning Locker Service (20)

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threats
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open Source
 
Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to Apex
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
jsForce in Action
jsForce in ActionjsForce in Action
jsForce in Action
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction Objects
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to Visualforce
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration Methods
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku Connect
 
Introduction to Apex Triggers
Introduction to Apex TriggersIntroduction to Apex Triggers
Introduction to Apex Triggers
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To Lightning
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events Handlers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open Source
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android Apps
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 
Create a Hybrid Mobile App With the Salesforce Mobile SDK
Create a Hybrid Mobile App With the Salesforce Mobile SDKCreate a Hybrid Mobile App With the Salesforce Mobile SDK
Create a Hybrid Mobile App With the Salesforce Mobile SDK
 

More from Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 

More from Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component Performance
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and Testing
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An Introduction
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 

Recently uploaded

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 

Recently uploaded (20)

BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 

Javascript Security and Lightning Locker Service

  • 1. JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
  • 2. Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 4. ● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
  • 5. XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
  • 7. ● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
  • 8. Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
  • 10. LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
  • 11. ❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
  • 12. Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
  • 13. ● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
  • 14. Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning