Introduction
- Lightning Locker provides component isolation and security that allows code from many sources to execute and interact using safe, standard APIs and event mechanisms.
- Lightning Locker is enabled for all custom Lightning web components.
JavaScript Strict Mode Enforcement
- In JavaScript, strict mode is enforced in modules but optional in regular programs. However, Lightning Locker implicitly enables JavaScript strict mode everywhere. You don’t need to specify "use strict" in your code.
- JavaScript strict mode makes code more secure, robust, and supportable.
- Unsafe actions that strict mode reports as errors include assigning values to non-writable properties and using a variable that hasn’t been declared.
A few common stumbling points when using strict mode are:
- You must declare all variables. Use any of the var, let, or const declarations in libraries or modules.
- To share code between components, you must export variables and functions from modules and import them into other modules.
- The libraries that your components use must also work in strict mode.
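The two unsafe actions named above, run once without strict mode and once with it, as an added example that is not from the original page. The names runSnippet, compareModes and leakedCounter and the snippet contents are constructed for illustration; the script is meant for Node, where it shows what a library that was only ever tested outside strict mode would start throwing under Locker.

```javascript
// Added example; helper and variable names are constructed for illustration.
// Run in Node. new Function is used only because a function built that way
// is non-strict unless its body opts in, which gives a sloppy-mode baseline.

// Function bodies of the kind a non-strict library might contain.
const SNIPPETS = {
  // Assigning a value to a non-writable property.
  nonWritable: `
    const config = Object.freeze({ mode: "readonly" });
    config.mode = "changed";
    return config.mode;`,
  // Using a variable that hasn't been declared.
  undeclared: `
    leakedCounter = 1;
    return typeof globalThis.leakedCounter;`,
};

// Runs one body, optionally with the directive Locker makes implicit.
function runSnippet(body, strict) {
  const source = (strict ? '"use strict";\n' : "") + body;
  try {
    return { threw: false, value: new Function(source)() };
  } catch (err) {
    return { threw: true, error: err.name };
  } finally {
    // Remove the implicit global so it cannot mask the next run.
    delete globalThis.leakedCounter;
  }
}

// Returns, per snippet, what happened in each mode.
function compareModes() {
  const report = {};
  for (const [name, body] of Object.entries(SNIPPETS)) {
    report[name] = {
      sloppy: runSnippet(body, false),
      strict: runSnippet(body, true),
    };
  }
  return report;
}

console.log(JSON.stringify(compareModes(), null, 2));
```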
DOM Access Containment
- A component can only traverse the DOM and access elements that it created. This behavior prevents the anti-pattern of reaching into DOM elements owned by other components.
- LWC can’t use the window or document global properties to query for DOM elements. For example, use this.template.querySelector() instead of document.querySelector().
Secure Wrappers
SecureWindow
If a Lightning web component and an Aura component belong to the same namespace, they share the same SecureWindow instance.
SecureDocument
- Secure wrapper for the document object, which represents the root node of the HTML document or page. The document object is the entry point into the page’s content, which is the DOM tree.