SlideShare a Scribd company logo

Javascript Security and Lightning Locker Service

Salesforce Developers
Salesforce Developers

This session will introduce Locker Service, a new feature of the Lightning Component Framework which serves to manage JavaScript security while rendering Lightning applications. Get the background on why Locker Service is necessary, what you'll need to know to implement and the advantages it offers the platform.

Software
1 of 17
Download to read offline
JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
JavaScript Security
● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
XSS DEMO
● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
Introducing LockerService
LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning
Questions?
thank y u
Javascript Security and Lightning Locker Service

Recommended

Lightning Locker Services
Lightning Locker ServicesLightning Locker Services
Lightning Locker ServicesAmit Chaudhary
 
Lightning web components - Introduction, component Lifecycle, Events, decorat...
Lightning web components - Introduction, component Lifecycle, Events, decorat...Lightning web components - Introduction, component Lifecycle, Events, decorat...
Lightning web components - Introduction, component Lifecycle, Events, decorat...Nidhi Sharma
 
Java 13 Excecoes
Java 13 ExcecoesJava 13 Excecoes
Java 13 ExcecoesRegis Magalhães
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
API & Backend Integration
API & Backend IntegrationAPI & Backend Integration
API & Backend IntegrationElewayte
 
Abhishek Resume QA
Abhishek Resume QAAbhishek Resume QA
Abhishek Resume QAAbhishek Pandey
 
JavaScript - Chapter 1 - Problem Solving
JavaScript - Chapter 1 - Problem Solving JavaScript - Chapter 1 - Problem Solving
JavaScript - Chapter 1 - Problem SolvingWebStackAcademy
 
Salesforce Deck Template
Salesforce Deck TemplateSalesforce Deck Template
Salesforce Deck TemplatePhil Weinmeister
 

Recommended

Lightning Locker Services
Lightning Locker ServicesLightning Locker Services
Lightning Locker ServicesAmit Chaudhary
 
Lightning web components - Introduction, component Lifecycle, Events, decorat...
Lightning web components - Introduction, component Lifecycle, Events, decorat...Lightning web components - Introduction, component Lifecycle, Events, decorat...
Lightning web components - Introduction, component Lifecycle, Events, decorat...Nidhi Sharma
 
Java 13 Excecoes
Java 13 ExcecoesJava 13 Excecoes
Java 13 ExcecoesRegis Magalhães
 
Lightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionLightning web components - Episode 1 - An Introduction
Lightning web components - Episode 1 - An IntroductionSalesforce Developers
 
API & Backend Integration
API & Backend IntegrationAPI & Backend Integration
API & Backend IntegrationElewayte
 
Abhishek Resume QA
Abhishek Resume QAAbhishek Resume QA
Abhishek Resume QAAbhishek Pandey
 
JavaScript - Chapter 1 - Problem Solving
JavaScript - Chapter 1 - Problem Solving JavaScript - Chapter 1 - Problem Solving
JavaScript - Chapter 1 - Problem SolvingWebStackAcademy
 
Salesforce Deck Template
Salesforce Deck TemplateSalesforce Deck Template
Salesforce Deck TemplatePhil Weinmeister
 
Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validationMaitree Patel
 
Salesforce Investor Day 2017
Salesforce Investor Day 2017Salesforce Investor Day 2017
Salesforce Investor Day 2017Salesforce Investor Relations
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Salesforce Partners
 
Cracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsCracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsGanesh Samarthyam
 
3 relational model
3 relational model3 relational model
3 relational modelUtkarsh De
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web ComponentMohith Shrivastava
 
Lebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_HanLebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_HanIhsan Han
 
Servlet sessions
Servlet sessionsServlet sessions
Servlet sessionsvantinhkhuc
 
Microsoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation MaterialMicrosoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation MaterialAileen Gusni
 
Lightning Web Component in Salesforce
Lightning Web Component in SalesforceLightning Web Component in Salesforce
Lightning Web Component in SalesforceJitendra Zaa
 
Salesforce Lightning workshop
Salesforce Lightning workshopSalesforce Lightning workshop
Salesforce Lightning workshopShivanath Devinarayanan
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsRoy Gilad
 
Functions in javascript
Functions in javascriptFunctions in javascript
Functions in javascriptbaabtra.com - No. 1 supplier of quality freshers
 
Introduction to Salesforce.com
Introduction to Salesforce.comIntroduction to Salesforce.com
Introduction to Salesforce.comEdureka!
 
Software Testing
Software Testing Software Testing
Software Testing cpjcollege
 
JavaScript: Events Handling
JavaScript: Events HandlingJavaScript: Events Handling
JavaScript: Events HandlingYuriy Bezgachnyuk
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWCSalesforce Developers
 
WEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScriptWEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScriptJyothishmathi Institute of Technology and Science Karimnagar
 
Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components WorkshopSalesforce Developers
 

More Related Content

What's hot

Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validationMaitree Patel
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Salesforce Partners
 
Cracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsCracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsGanesh Samarthyam
 
3 relational model
3 relational model3 relational model
3 relational modelUtkarsh De
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web ComponentMohith Shrivastava
 
Lebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_HanLebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_HanIhsan Han
 
Servlet sessions
Servlet sessionsServlet sessions
Servlet sessionsvantinhkhuc
 
Microsoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation MaterialMicrosoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation MaterialAileen Gusni
 
Lightning Web Component in Salesforce
Lightning Web Component in SalesforceLightning Web Component in Salesforce
Lightning Web Component in SalesforceJitendra Zaa
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementSalesforce Developers
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsRoy Gilad
 
Introduction to Salesforce.com
Introduction to Salesforce.comIntroduction to Salesforce.com
Introduction to Salesforce.comEdureka!
 
Software Testing
Software Testing Software Testing
Software Testing cpjcollege
 

What's hot (20)

Form using html and java script validation
Form using html and java script validationForm using html and java script validation
Form using html and java script validation
 
Salesforce Investor Day 2017
Salesforce Investor Day 2017Salesforce Investor Day 2017
Salesforce Investor Day 2017
 
Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)Choosing the Right Demo Environment (Salesforce Partners)
Choosing the Right Demo Environment (Salesforce Partners)
 
Cracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsCracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 Exams
 
3 relational model
3 relational model3 relational model
3 relational model
 
Introduction to lightning Web Component
Introduction to lightning Web ComponentIntroduction to lightning Web Component
Introduction to lightning Web Component
 
Lebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_HanLebenslauf_-_Ihsan_Han
Lebenslauf_-_Ihsan_Han
 
Servlet sessions
Servlet sessionsServlet sessions
Servlet sessions
 
Microsoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation MaterialMicrosoft Dynamics CRM 2015 Pre-sales Presentation Material
Microsoft Dynamics CRM 2015 Pre-sales Presentation Material
 
Lightning Web Component in Salesforce
Lightning Web Component in SalesforceLightning Web Component in Salesforce
Lightning Web Component in Salesforce
 
Salesforce Lightning workshop
Salesforce Lightning workshopSalesforce Lightning workshop
Salesforce Lightning workshop
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce Org
 
From Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release ManagementFrom Sandbox To Production: An Introduction to Salesforce Release Management
From Sandbox To Production: An Introduction to Salesforce Release Management
 
How to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce LimitsHow to Use Salesforce Platform Events to Help With Salesforce Limits
How to Use Salesforce Platform Events to Help With Salesforce Limits
 
Functions in javascript
Functions in javascriptFunctions in javascript
Functions in javascript
 
Introduction to Salesforce.com
Introduction to Salesforce.comIntroduction to Salesforce.com
Introduction to Salesforce.com
 
Software Testing
Software Testing Software Testing
Software Testing
 
JavaScript: Events Handling
JavaScript: Events HandlingJavaScript: Events Handling
JavaScript: Events Handling
 
Live coding with LWC
Live coding with LWCLive coding with LWC
Live coding with LWC
 
WEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScriptWEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScript
 

Viewers also liked

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesSalesforce Developers
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileSalesforce Developers
 
Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationSalesforce Developers
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Salesforce Developers
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsMike White
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudSalesforce Developers
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedSalesforce Developers
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Salesforce Developers
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform APISalesforce Developers
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced FeaturesSalesforce Developers
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSalesforce Developers
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopSalesforce Developers
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Salesforce Developers
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Salesforce Developers
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeSalesforce Developers
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersSalesforce Developers
 

Viewers also liked (20)

Lightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best PracticesLightning Experience with Visualforce Best Practices
Lightning Experience with Visualforce Best Practices
 
Lightning Components Workshop
Lightning Components WorkshopLightning Components Workshop
Lightning Components Workshop
 
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud MobileBuild, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
Build, Manage, and Deploy Mobile Apps Faster with App Cloud Mobile
 
Advanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social AuthenticationAdvanced Platform Series - OAuth and Social Authentication
Advanced Platform Series - OAuth and Social Authentication
 
Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17Building apps faster with lightning and winter '17
Building apps faster with lightning and winter '17
 
Preparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with ActionsPreparing for Lightning: Replacing URL Hacks with Actions
Preparing for Lightning: Replacing URL Hacks with Actions
 
Lighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App CloudLighting up the Bay, Real-World App Cloud
Lighting up the Bay, Real-World App Cloud
 
Lightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE EvolvedLightning Developer Experience, Eclipse IDE Evolved
Lightning Developer Experience, Eclipse IDE Evolved
 
Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1Easy REST Integrations with Lightning Components and Salesforce1
Easy REST Integrations with Lightning Components and Salesforce1
 
Introduction to the Wave Platform API
Introduction to the Wave Platform APIIntroduction to the Wave Platform API
Introduction to the Wave Platform API
 
Lightning Components - Advanced Features
Lightning Components - Advanced FeaturesLightning Components - Advanced Features
Lightning Components - Advanced Features
 
Secure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best PracticesSecure Salesforce: Lightning Components Best Practices
Secure Salesforce: Lightning Components Best Practices
 
Process Automation on Lightning Platform Workshop
Process Automation on Lightning Platform WorkshopProcess Automation on Lightning Platform Workshop
Process Automation on Lightning Platform Workshop
 
Introduction to Apex for Developers
Introduction to Apex for DevelopersIntroduction to Apex for Developers
Introduction to Apex for Developers
 
Exploring the Salesforce REST API
Exploring the Salesforce REST APIExploring the Salesforce REST API
Exploring the Salesforce REST API
 
Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2Mastering the Lightning Framework - Part 2
Mastering the Lightning Framework - Part 2
 
SLDS and Lightning Components
SLDS and Lightning ComponentsSLDS and Lightning Components
SLDS and Lightning Components
 
Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1Mastering the Lightning Framework - Part 1
Mastering the Lightning Framework - Part 1
 
Build and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning ExchangeBuild and Package Lightning Components for Lightning Exchange
Build and Package Lightning Components for Lightning Exchange
 
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through ControllersLightning Data Service: Eliminate Your Need to Load Records Through Controllers
Lightning Data Service: Eliminate Your Need to Load Records Through Controllers
 

Similar to Javascript Security and Lightning Locker Service

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsElasticsearch
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceDeveloper Force
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexPeter Chittum
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsRitesh Aswaney
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceSalesforce Developers
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsSalesforce Developers
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectTom Gersic
 
Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerSalesforce Developers
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To LightningChris Bacon
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersSalesforce Developers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceJayant Jindal
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsSalesforce Developers
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxVkrish Peru
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureElasticsearch
 

Similar to Javascript Security and Lightning Locker Service (20)

How South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threatsHow South Dakota's BIT defends against cyber threats
How South Dakota's BIT defends against cyber threats
 
Get Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open SourceGet Started with Lightning Web Components Open Source
Get Started with Lightning Web Components Open Source
 
Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex Force.com Friday : Intro to Apex
Force.com Friday : Intro to Apex
 
CCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to ApexCCT London 2013 Theatre Intro to Apex
CCT London 2013 Theatre Intro to Apex
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
jsForce in Action
jsForce in ActionjsForce in Action
jsForce in Action
 
Visualforce Hack for Junction Objects
Visualforce Hack for Junction ObjectsVisualforce Hack for Junction Objects
Visualforce Hack for Junction Objects
 
Force.com Friday : Intro to Visualforce
Force.com Friday : Intro to VisualforceForce.com Friday : Intro to Visualforce
Force.com Friday : Intro to Visualforce
 
API Design for Your Packaged App
API Design for Your Packaged AppAPI Design for Your Packaged App
API Design for Your Packaged App
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration Methods
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku Connect
 
Introduction to Apex Triggers
Introduction to Apex TriggersIntroduction to Apex Triggers
Introduction to Apex Triggers
 
Unleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime DebuggerUnleash the Power of Apex Realtime Debugger
Unleash the Power of Apex Realtime Debugger
 
Developers Introduction To Lightning
Developers Introduction To LightningDevelopers Introduction To Lightning
Developers Introduction To Lightning
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 
Building Visualforce Custom Events Handlers
Building Visualforce Custom Events HandlersBuilding Visualforce Custom Events Handlers
Building Visualforce Custom Events Handlers
 
Salesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open SourceSalesforce Lightning Web Components - Open Source
Salesforce Lightning Web Components - Open Source
 
Intro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android AppsIntro to the Salesforce Mobile SDK: Building Android Apps
Intro to the Salesforce Mobile SDK: Building Android Apps
 
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptxLWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
LWC_Workbxcgbgfbgfbfgbfgbfbfbshop_Day2.pptx
 
Streamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft AzureStreamline search with Elasticsearch Service on Microsoft Azure
Streamline search with Elasticsearch Service on Microsoft Azure
 

More from Salesforce Developers

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSalesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceSalesforce Developers
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base ComponentsSalesforce Developers
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsSalesforce Developers
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaSalesforce Developers
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentSalesforce Developers
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsSalesforce Developers
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsSalesforce Developers
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingSalesforce Developers
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilitySalesforce Developers
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataSalesforce Developers
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPSalesforce Developers
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceSalesforce Developers
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureSalesforce Developers
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DXSalesforce Developers
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectSalesforce Developers
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesSalesforce Developers
 

More from Salesforce Developers (20)

Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Maximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component PerformanceMaximizing Salesforce Lightning Experience and Lightning Component Performance
Maximizing Salesforce Lightning Experience and Lightning Component Performance
 
Local development with Open Source Base Components
Local development with Open Source Base ComponentsLocal development with Open Source Base Components
Local development with Open Source Base Components
 
TrailheaDX India : Developer Highlights
TrailheaDX India : Developer HighlightsTrailheaDX India : Developer Highlights
TrailheaDX India : Developer Highlights
 
Why developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX IndiaWhy developers shouldn’t miss TrailheaDX India
Why developers shouldn’t miss TrailheaDX India
 
CodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local DevelopmentCodeLive: Build Lightning Web Components faster with Local Development
CodeLive: Build Lightning Web Components faster with Local Development
 
CodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web ComponentsCodeLive: Converting Aura Components to Lightning Web Components
CodeLive: Converting Aura Components to Lightning Web Components
 
Enterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web ComponentsEnterprise-grade UI with open source Lightning Web Components
Enterprise-grade UI with open source Lightning Web Components
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Lightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and TestingLightning web components - Episode 4 : Security and Testing
Lightning web components - Episode 4 : Security and Testing
 
LWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura InteroperabilityLWC Episode 3- Component Communication and Aura Interoperability
LWC Episode 3- Component Communication and Aura Interoperability
 
Lightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce dataLightning web components episode 2- work with salesforce data
Lightning web components episode 2- work with salesforce data
 
Migrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCPMigrating CPQ to Advanced Calculator and JSQCP
Migrating CPQ to Advanced Calculator and JSQCP
 
Scale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in SalesforceScale with Large Data Volumes and Big Objects in Salesforce
Scale with Large Data Volumes and Big Objects in Salesforce
 
Replicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data CaptureReplicate Salesforce Data in Real Time with Change Data Capture
Replicate Salesforce Data in Real Time with Change Data Capture
 
Modern Development with Salesforce DX
Modern Development with Salesforce DXModern Development with Salesforce DX
Modern Development with Salesforce DX
 
Get Into Lightning Flow Development
Get Into Lightning Flow DevelopmentGet Into Lightning Flow Development
Get Into Lightning Flow Development
 
Integrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS ConnectIntegrate CMS Content Into Lightning Communities with CMS Connect
Integrate CMS Content Into Lightning Communities with CMS Connect
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoft
 
Modern App Dev: Modular Development Strategies
Modern App Dev: Modular Development StrategiesModern App Dev: Modular Development Strategies
Modern App Dev: Modular Development Strategies
 

Recently uploaded

Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolsosttopstonverter
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 

Recently uploaded (20)

Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 

Javascript Security and Lightning Locker Service

  • 1. JavaScript Security and Lightning LockerService Josh Birk Developer Evangelist Doug Chasman Distinguished Engineer
  • 2. Forward-Looking Statements Statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward- looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • 4. ● Loosely Typed, “Everything is an Object” ● DOM (Document Object Model) fully accessible ● Browser provides access to events, URL’s, cookies, etc. ● Persistence and State possible via cookies, LocalStorage, etc. Notable Aspects of JavaScript
  • 5. XSS (Cross Site Scripting): Website allows dynamic content ● Document.write ● DOM updates ● User provided uploads Attacker injects malicious code ● Window.location ● Event Targets Website updated with malicious code Subsequent visits run malicious code User updates status Status includes script statement Status is stored in the database Visiting the status page runs exploit
  • 7. ● Data extraction ● Database manipulation ● Keystroke logging ● Window Location hacking ● Form entry manipulation Possible XSS Outcomes
  • 8. Component Level Security Out of the box, components have DOM access to each other, shared access to the window and event structures, and access to any client side API.
  • 10. LockerService LockerService uses various technologies and techniques that are intended to do the following: Prevent: ● XSS and similar security issues ● Unrestricted DOM access ● Calling undocumented/private APIs • Enable: ● Cool new features like client-side API versioning ● Faster security review ● Better JS development practices ● Easily updating security features and policies
  • 11. ❖ Loosely Typed, “Everything is an Object” ➢ LockerService uses Strict mode and enforces CSP ❖ DOM (Document Object Model) fully accessible ➢ LockerService replaces DOM with a Virtual DOM Proxy ❖ Browser provides access to events, URL’s, cookies, etc. ➢ LockerService either replaces or blocks access ❖ Persistence and State possible via cookies, LocalStorage, etc. ➢ LockerService either replaces or blocks access Notable Aspects of JavaScript
  • 12. Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
  • 13. ● Summer ‘16 ○ Automatically turned ON in brand-new Summer ‘16 Orgs ○ Also turned ON in older Orgs without Lighting Components ○ Critical update for Orgs with at least one Lightning Component ○ Can be toggled, either directly or by request ● Winter ‘17 ○ Turned ON in all Orgs LockerService
  • 14. Salesforce Lightning CLI https://www.npmjs.com/package/salesforce-lightning-cli Sublime Lightning Plugin https://github.com/dcarroll/sublime-lightning