Salesforce Lightning Locker for Enterprise Excellence

Salesforce Lightning Locker for Enterprise Excellence

Lightning Locker is a security architecture developed for Lightning components. The Salesforce Lightning Locker Service prevents security issues when you build your own components or even include third-party libraries in the lightning components. Locker Service applies security in Lightning experience, Salesforce, Template-based communities, Standalone apps, Lightning out, and Lightning components for visual force. Lightning locker also improves code supportability by allowing access to supported APIs, and eliminating access to non-published framework internals.

What Does Lightning Locker Affect?

Salesforce Lightning Locker carries out security and best practices for custom Lightning components used in the following:

  • Lightning Experience
  • Salesforce mobile app
  • Lightning Communities
  • Flows
  • Standalone apps that you create (for example, to run in Salesforce Classic or Lightning Experience
  • Any other app where you can add a custom Lightning component, such as Salesforce Console in Lightning Experience
  • Lightning Out
  • Visualforce pages in Salesforce Classic
  • Visualforce-based communities

How to Enable a Lightning Locker?

Lightning locker is automatically authorized for component bundles having API version 40 or above.

How to Disable the Lightning Locker?

One can disable the lightning locker by making the change to the API version of the lightning component bundle to 39 or below. Component versioning allows you to integrate a component with a Salesforce API version. While creating a component, the default version is the newest API version.

In previous releases, one could able to set the API version of a component to 39.0 using the Developer Console. On the other hand, you cannot utilize the console for this purpose because the console holds up only the six previous API versions.

Now, the API version can be set in the component’s metadata file by utilizing Salesforce CLI. In the AuraDefinitionBundle metadata of your component, use the APIVersion field to adjust the API version to 39.0.

In the below example – the metadata file myComponent.cmp-meta.xml for component myComponent.cmp sets the API version to 39.0:

< ?xml version="1.0" encoding="UTF-8" ?> < AuraDefinitionBundle xmlns=" " > 39.0 My Component < /AuraDefinitionBundle >

Change the Locker API Version for your Org

  • From Setup, enter Session in the Quick Find box, and then select Session Settings.
  • In the Locker API Version section, for the Use security enhancements in API version field, select the API version.
  • Click Save.

Lightning Locker Tools

Lightning Locker tool allows you to build more secure code that run efficiently with Lightning Locker

Lightning Locker API Viewer

Locker API Viewer displays Lightning Locker’s support of the standard DOM APIs in the Window, Document and Element objects. The SecureWindow, SecureDocument and SecureElement wrappers prevent use of non-supported APIs.

Locker Console Overview

To check out the JavaScript code’s compatibility with Lightning Locker, use Locker Console. You can then compare how it runs while Lightning Locker is enabled or disabled.

Advantages of Lightning Locker

  • If one component belongs to a different namespace, another component cannot traverse the DOM. For instance – we cannot read the DOM of lightning base components as they belong to the “Lightning” namespace.
  • The custom components do not have authority to system APIs. For instance – custom component cannot access $A.eventService API
  • The javascript strict mode is by default enable and need not be specified specifically.
  • Access to external JS libraries is restricted without uploading those in the static resource
  • Salesforce authorized or out-of-the-box components will have unrestricted access to Document Object Model (DOM) and APIs, as all the components will operate in System Mode.
  • All above-listed features make your component more secure.

Disadvantages of Lightning Locker Services

  • JS libraries which are non-locker service complaint will not work.
  • Document Object Model manipulation has become more restrictive.


When it comes to developing an app on the cloud by using lightning web components, Salesforce lightning makes the process easy. Salesforce lightning lets you automate the sales process of your organization, build apps at lightning speed, and provide access to your data anytime, anywhere.

Hire our Salesforce lightning developers who assist you to manage all your Salesforce tasks including Salesforce Lightning Locker Services. At Solvios Technology, we are a group of trusted Salesforce development company in the USA, delivering enterprise solutions to boost your business.