SlideShare a Scribd company logo

Javascript Security and Lightning Locker Service

Salesforce Developers
Salesforce Developers

This session will introduce Locker Service, a new feature of the Lightning Component Framework which serves to manage JavaScript security while rendering Lightning applications. Get the background on why Locker Service is necessary, what you'll need to know to implement and the advantages it offers the platform.

Software
1 of 17
Download to read offline
JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
JavaScript Security
● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
XSS DEMO
● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
Introducing LockerService
LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning
Questions?
thank y u
Javascript Security and Lightning Locker Service

Recommended

使用Azure Boards實現Scrum.pdf
使用Azure Boards實現Scrum.pdf使用Azure Boards實現Scrum.pdf
使用Azure Boards實現Scrum.pdfDerek Chen
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Agile 2010 Estimation Games
Agile 2010 Estimation GamesAgile 2010 Estimation Games
Agile 2010 Estimation GamesAgileCoach.net
 
Bio catch
Bio catchBio catch
Bio catchYanivt
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionDavid J Rosenthal
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Microsoft SharePoint
Microsoft SharePointMicrosoft SharePoint
Microsoft SharePointDavid J Rosenthal
 

Recommended

使用Azure Boards實現Scrum.pdf
使用Azure Boards實現Scrum.pdf使用Azure Boards實現Scrum.pdf
使用Azure Boards實現Scrum.pdfDerek Chen
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)Jack Forbes
 
Agile 2010 Estimation Games
Agile 2010 Estimation GamesAgile 2010 Estimation Games
Agile 2010 Estimation GamesAgileCoach.net
 
Bio catch
Bio catchBio catch
Bio catchYanivt
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionDavid J Rosenthal
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Microsoft SharePoint
Microsoft SharePointMicrosoft SharePoint
Microsoft SharePointDavid J Rosenthal
 
Intelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrechtIntelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrechtCapgemini
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Enterprise Management Associates
 
Customer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases EffectivelyCustomer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases EffectivelyInternetCreations
 
Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...Troy Magennis
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQLScott Sutherland
 
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...Okta-Inc
 
Privileged Access Manager POC Guidelines
Privileged Access Manager POC GuidelinesPrivileged Access Manager POC Guidelines
Privileged Access Manager POC GuidelinesHitachi ID Systems, Inc.
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityDreamforce
 
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?Joanne Klein
 
Training from the BACK of the Room
Training from the BACK of the RoomTraining from the BACK of the Room
Training from the BACK of the Roomsparkagility
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Setting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce InstanceSetting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce InstanceSalesforce Developers
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Hunting_GrrCON22.pdf
Hunting_GrrCON22.pdfHunting_GrrCON22.pdf
Hunting_GrrCON22.pdfPaül Jaramillo
 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting JenkinsBrian Hysell
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components WorkshopSalesforce Developers
 

More Related Content

What's hot

Intelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrechtIntelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrechtCapgemini
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Enterprise Management Associates
 
Customer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases EffectivelyCustomer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases EffectivelyInternetCreations
 
Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...Troy Magennis
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQLScott Sutherland
 
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...Okta-Inc
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityDreamforce
 
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?Joanne Klein
 
Training from the BACK of the Room
Training from the BACK of the RoomTraining from the BACK of the Room
Training from the BACK of the Roomsparkagility
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Setting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce InstanceSetting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce InstanceSalesforce Developers
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting JenkinsBrian Hysell
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 

What's hot (20)

Intelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrechtIntelligent automation appian sathya srinmivasan cwin18-utrecht
Intelligent automation appian sathya srinmivasan cwin18-utrecht
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
 
Customer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases EffectivelyCustomer Service in Salesforce: Managing Cases Effectively
Customer Service in Salesforce: Managing Cases Effectively
 
Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...Prioritization – 10 different techniques for optimizing what to start next ...
Prioritization – 10 different techniques for optimizing what to start next ...
 
2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL2019 Blackhat Booth Presentation - PowerUpSQL
2019 Blackhat Booth Presentation - PowerUpSQL
 
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
Pre-built, Secure Identity Layer for Consumer Websites, B2B Portals and SaaS ...
 
Privileged Access Manager POC Guidelines
Privileged Access Manager POC GuidelinesPrivileged Access Manager POC Guidelines
Privileged Access Manager POC Guidelines
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and Security
 
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
SharePoint Site Architecture: Flat, Deep or somewhere in the middle?
 
Training from the BACK of the Room
Training from the BACK of the RoomTraining from the BACK of the Room
Training from the BACK of the Room
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Setting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce InstanceSetting up Security in Your Salesforce Instance
Setting up Security in Your Salesforce Instance
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
 
Hunting_GrrCON22.pdf
Hunting_GrrCON22.pdfHunting_GrrCON22.pdf
Hunting_GrrCON22.pdf
 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting Jenkins
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 

Viewers also liked

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
 
Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationSalesforce Developers
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Salesforce Developers
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsMike White
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudSalesforce Developers
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedSalesforce Developers
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform APISalesforce Developers
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced FeaturesSalesforce Developers
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSalesforce Developers
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopSalesforce Developers
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Salesforce Developers
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Salesforce Developers
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeSalesforce Developers
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersSalesforce Developers
 

Viewers also liked (20)

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best Practices
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components Workshop
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
 
Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social Authentication
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with Actions
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App Cloud
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE Evolved
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform API
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced Features
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best Practices
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform Workshop
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for Developers
 
Exploring the Salesforce REST API
Exploring the Salesforce REST APIExploring the Salesforce REST API
Exploring the Salesforce REST API
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2
 
SLDS and Lightning Components
SLDS and Lightning ComponentsSLDS and Lightning Components
SLDS and Lightning Components
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning Exchange
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
 

Similar to Javascript Security and Lightning Locker Service

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsElasticsearch
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceDeveloper Force
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexPeter Chittum
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsRitesh Aswaney
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceSalesforce Developers
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsSalesforce Developers
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectTom Gersic
 
Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerSalesforce Developers
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To LightningChris Bacon
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersSalesforce Developers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceJayant Jindal
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsSalesforce Developers
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxVkrish Peru
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 

Similar to Javascript Security and Lightning Locker Service (20)

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threats
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open Source
 
Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to Apex
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
jsForce in Action
jsForce in ActionjsForce in Action
jsForce in Action
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction Objects
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to Visualforce
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration Methods
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku Connect
 
Introduction to Apex Triggers
Introduction to Apex TriggersIntroduction to Apex Triggers
Introduction to Apex Triggers
 
Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime Debugger
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To Lightning
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events Handlers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open Source
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android Apps
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 

More from Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 

More from Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component Performance
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and Testing
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An Introduction
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 

Recently uploaded

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 

Recently uploaded (20)

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 

Javascript Security and Lightning Locker Service

  • 1. JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
  • 2. Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 4. ● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
  • 5. XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
  • 7. ● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
  • 8. Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
  • 10. LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
  • 11. ❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
  • 12. Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
  • 13. ● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
  • 14. Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning