Lightning Locker uses various technologies and techniques to make Lightning components secure. It is a powerful security architecture for Lightning components. Locker Service enhances security by isolating Lightning components that belong to one namespace from components in a different namespace. Locker Service also promotes best practices that improve the supportability of your code by allowing access only to supported APIs and eliminating access to non-published framework internals.
At a high level, Lightning Locker uses various technologies and techniques that are intended to do the following:
Prevent:
· Components from causing XSS and similar security issues
· Components from reading other components' rendered data without any restrictions
· Components from calling undocumented/private APIs
Enable:
· Cool new features like client-side API versioning similar to REST API versioning*
· Faster security review
· Better and more secure JS development practices
· Running 3rd party JS frameworks like React, Angular and so on*
· Easily adding or removing new security features and policies
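
The namespace isolation and supported-API restriction described above can be modelled in a few lines of plain JavaScript. This is an added example, not Salesforce's code and not how Locker is implemented internally; every name in it (`renderedNodes`, `framework`, `PUBLISHED`, `makeLockerView`) and all sample data are hypothetical and constructed for illustration.

```javascript
// Simplified model of two controls: per-namespace access to rendered data
// and an allowlist of published framework APIs. Not Locker's actual code.

// Constructed sample: rendered nodes tagged with the namespace that created them.
const renderedNodes = [
  { id: 'acct-name', ownerNs: 'c', text: 'Acme Corp' },
  { id: 'balance', ownerNs: 'payments', text: 'Balance: 1,250.00' },
];

// Constructed sample: a framework object with one published method
// and one internal member that components are not meant to reach.
const framework = {
  getRecordId() { return 'constructed-record-id'; },
  _internalCache: { note: 'framework-private state' },
};
const PUBLISHED = new Set(['getRecordId']);

// Builds the view of the page handed to a component in `namespace`.
function makeLockerView(namespace) {
  const api = new Proxy(framework, {
    get(target, prop) {
      // Anything outside the allowlist is rejected, including internals.
      if (!PUBLISHED.has(prop)) {
        throw new TypeError(`${String(prop)} is not a supported API`);
      }
      const value = target[prop];
      return typeof value === 'function' ? value.bind(target) : value;
    },
    set() {
      throw new TypeError('framework object is read-only');
    },
  });

  return {
    api,
    // A lookup succeeds only for nodes owned by the caller's namespace;
    // nodes from other namespaces look as if they do not exist.
    getElementById(id) {
      const node = renderedNodes.find((n) => n.id === id);
      if (!node || node.ownerNs !== namespace) return null;
      // Return a frozen copy so the caller cannot mutate the real node.
      return Object.freeze({ id: node.id, text: node.text });
    },
  };
}
```
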