Salesforce LockerService and Kendo UI Scheduler

2 posts, 0 answers
  1. Robert
    Robert avatar
    1 posts
    Member since:
    Mar 2009

    Posted 08 Mar 2018 Link to this post


    Will Kendo UI Scheduler work within Salesforce LockerService?

    LockerService Isolation

    LockerService is the primary and preferred isolation mechanism for the Lightning Component Framework. LockerService wraps standard objects like window, document, and element inside a secure version of these objects (SecureWindow, SecureDocument and SecureElement) as a way to control access to APIs and regions of the DOM. When components are loaded, they are provided with the secure wrappers (secureWindow and secureDocument) in lieu of the standard objects (window and document). When a component invokes a method on the document or window object, the secure wrapper can apply appropriate security restrictions. For example, access to the DOM of another component will be:

    • Granted if the other component is in the same namespace
    • Denied if the other component is in a different namespace

    In addition to providing a sophisticated namespace-based access control mechanism, LockerService enforces a series of rules to further avoid security exploits:

    • JavaScript ES5 strict mode is automatically enabled. Libraries that do not support strict mode will not work with LockerService.
    • Content Security Policy (CSP). unsafe-eval and unsafe-inline are disallowed. Libraries using eval() or inline JavaScript code execution will not work with LockerService.

    The rules enforced by LockerService are recognized as industry best practices. However some libraries may not yet work with these restrictions enabled. In that case, we recommend you ask the library author to support strict mode and CSP. In the meantime, you can use the alternative Lightning Container Component isolation described below.

    LockerService Advantages

    • No iframe. Components live in the same DOM (better performance)
    • Straightforward, natural communication between components
    • Cohesive UI
    • Eliminates DOM scraping vulnerabilities
    • Mitigates the impact of developer mistakes such as the lack of proper escaping
    • Cross-site scripting (XSS) and template injection are no longer possible
    • Eliminate server-side action invocation/spoofing

    LockerService Limitations

    •  Non-compliant libraries will not work with LockerService

  2. Nencho
    Nencho avatar
    1777 posts

    Posted 12 Mar 2018 Link to this post

    Hello Robert,

    I am afraid that no tests are performed in LockerService environment and we cannot grantee the proper behavior of our widgets. However, as you mentioned that the DOM is the same - there should be no issue in the usage of our widgets.

    Progress Telerik
    Try our brand new, jQuery-free Angular components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
Back to Top