Salesforce LockerService and Kendo UI Scheduler

7 posts, 0 answers
  1. Robert
    1 posts
    Member since:
    Mar 2009

    Posted 08 Mar 2018

    Hi

    Will Kendo UI Scheduler work within Salesforce LockerService?

    LockerService Isolation

    LockerService is the primary and preferred isolation mechanism for the Lightning Component Framework. LockerService wraps standard objects like window, document, and element inside a secure version of these objects (SecureWindow, SecureDocument and SecureElement) as a way to control access to APIs and regions of the DOM. When components are loaded, they are provided with the secure wrappers (secureWindow and secureDocument) in lieu of the standard objects (window and document). When a component invokes a method on the document or window object, the secure wrapper can apply appropriate security restrictions. For example, access to the DOM of another component will be:

    • Granted if the other component is in the same namespace
    • Denied if the other component is in a different namespace

    In addition to providing a sophisticated namespace-based access control mechanism, LockerService enforces a series of rules to further avoid security exploits:

    • JavaScript ES5 strict mode is automatically enabled. Libraries that do not support strict mode will not work with LockerService.
    • Content Security Policy (CSP). unsafe-eval and unsafe-inline are disallowed. Libraries using eval() or inline JavaScript code execution will not work with LockerService.

    The rules enforced by LockerService are recognized as industry best practices. However some libraries may not yet work with these restrictions enabled. In that case, we recommend you ask the library author to support strict mode and CSP. In the meantime, you can use the alternative Lightning Container Component isolation described below.

    LockerService Advantages

    • No iframe. Components live in the same DOM (better performance)
    • Straightforward, natural communication between components
    • Cohesive UI
    • Eliminates DOM scraping vulnerabilities
    • Mitigates the impact of developer mistakes such as the lack of proper escaping
    • Cross-site scripting (XSS) and template injection are no longer possible
    • Eliminate server-side action invocation/spoofing

    LockerService Limitations

    • Non-compliant libraries will not work with LockerService

    https://developer.salesforce.com/blogs/developer-relations/2017/02/lockerservice-lightning-container-third-party-libraries-lightning-components.html
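
An added example, not part of the thread and not code from Salesforce, jQuery or Kendo UI: a Node.js pre-check that runs a snippet under the two LockerService rules quoted in the post above (forced strict mode, CSP without unsafe-eval) and reports which kind of error it trips. The function names and the sample snippets are constructed for illustration, and the check does not model the SecureWindow/SecureElement wrappers.

```javascript
const vm = require('vm');

// Run `source` under an approximation of two LockerService rules:
//  - ES5 strict mode is forced (a "use strict" directive is prepended)
//  - CSP without unsafe-eval (V8 string-to-code generation is disabled)
// Returns 'ok' when the snippet runs cleanly, otherwise the error name.
function lockerPrecheck(source) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: false, wasm: false },
  });
  try {
    vm.runInContext('"use strict";\n' + source, context, { timeout: 1000 });
    return 'ok';
  } catch (err) {
    return err.name;
  }
}

// Constructed snippets showing patterns often found in older libraries.
const SAMPLES = {
  // Plain ES5 that is already strict-mode clean.
  plainEs5: 'var sum = [1, 2, 3].reduce(function (a, b) { return a + b; }, 0);',
  // String-to-code: blocked when unsafe-eval is disallowed.
  directEval: 'var two = eval("1 + 1");',
  functionCtor: 'var root = new Function("return this")();',
  // Sloppy-mode constructs: rejected once strict mode is forced.
  withStatement: 'var o = { x: 1 }; with (o) { x = 2; }',
  argumentsCallee: '(function () { return arguments.callee; })();',
};

// Check every sample and return a name -> verdict map.
function auditSamples() {
  const report = {};
  for (const [name, src] of Object.entries(SAMPLES)) {
    report[name] = lockerPrecheck(src);
  }
  return report;
}

console.log(auditSamples());
```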

  2. Nencho
    Admin
    1876 posts

    Posted 12 Mar 2018

    Hello Robert,

    I am afraid that no tests are performed in the LockerService environment and we cannot guarantee the proper behavior of our widgets. However, as you mentioned that the DOM is the same - there should be no issue in the usage of our widgets.

    Regards,
    Nencho
    Progress Telerik
    Try our brand new, jQuery-free Angular components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
  3. Gord
    1 posts
    Member since:
    Jul 2019

    Posted 09 Jul 2019

    Hello Nencho;

    I am in a similar situation as Robert. The issue with Salesforce Locker Service is that they have created their own "secure" version of various built-in JavaScript objects (SecureWindow, SecureElement, etc.). They severely limit (if not entirely block) most forms of DOM manipulation. Salesforce has provided a test environment (https://developer.salesforce.com/docs/component-library/tools/locker-service-console) where you can paste JavaScript code and see if it works in Locker Service. Most of my tests have resulted in errors so far, because even jQuery has some limitations that are blocked by Locker Service.

  4. Nencho
    Admin
    1876 posts

    Posted 11 Jul 2019

    Hello Gord,

    We are currently revising the referenced environment in order to evaluate the case. However, as you mentioned that even jQuery is blocked in the environment, we will probably have our hands tied. I will update you in this thread after the research.

    Regards,
    Nencho
    Progress Telerik
    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
  5. Ianko
    Admin
    1940 posts

    Posted 11 Jul 2019

    Hello Gord and Robert,

    Gord, your observations are correct. The jQuery library is not supported in Salesforce LockerService Isolation. As the Kendo UI library is built on top of jQuery and depends on jQuery, the Kendo UI widgets are not supported in Salesforce LockerService Isolation.

    Regards,
    Ianko
    Progress Telerik
  6. Praveen
    1 posts
    Member since:
    Sep 2019

    Posted 21 Sep 2019 in reply to Ianko

    Does it mean that we cannot use Kendo UI in lightning components?
  7. Ianko
    Admin
    1940 posts

    Posted 24 Sep 2019

    Hi Praveen,

    As the lightning components do not support jQuery, any jQuery-based library cannot be supported either.

    Regards,
    Ianko
    Progress Telerik