Newer Version Available
Develop Secure Code: Lightning Locker and CSP
Lightning communities use Content Security Policy (CSP) and Lightning Locker to secure
the community from malicious resources and component vulnerabilities. Factor in the potential
impact of these security levels when you develop custom Lightning components to use in a
community, or if you include inline scripts or remote resources and scripts in the community’s
head markup.
Lightning Locker and CSP for Aura components are documented in “Developing Secure Code” in the Lightning Aura Components Developer Guide. If you’re creating Aura components, use that guide as your main point of reference for developing secure code in Aura components.
Lightning Locker and CSP for Lightning web components are documented in “Security with Lightning Locker” in the Lightning Web Components Developer Guide. If you’re creating Lightning web components, use that guide as your main point of reference.