Will Kendo UI Scheduler work within Salesforce LockerService?
LockerService is the primary and preferred isolation mechanism for the Lightning Component Framework. LockerService wraps standard objects like window, document, and element inside a secure version of these objects (SecureWindow, SecureDocument and SecureElement) as a way to control access to APIs and regions of the DOM. When components are loaded, they are provided with the secure wrappers (secureWindow and secureDocument) in lieu of the standard objects (window and document). When a component invokes a method on the document or window object, the secure wrapper can apply appropriate security restrictions. For example, access to the DOM of another component will be:
- Granted if the other component is in the same namespace
- Denied if the other component is in a different namespace
In addition to providing a sophisticated namespace-based access control mechanism, LockerService enforces a series of rules to further avoid security exploits:
The rules enforced by LockerService are recognized as industry best practices. However, some libraries may not yet work with these restrictions enabled. In that case, we recommend you ask the library author to support strict mode and CSP. In the meantime, you can use the alternative Lightning Container Component isolation described below.
- No iframe. Components live in the same DOM (better performance)
- Straightforward, natural communication between components
- Cohesive UI
- Eliminates DOM scraping vulnerabilities
- Mitigates the impact of developer mistakes such as the lack of proper escaping
- Cross-site scripting (XSS) and template injection are no longer possible
- Eliminates server-side action invocation/spoofing
- Non-compliant libraries will not work with LockerService
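
The namespace rule described above (DOM access granted within the same namespace, denied across namespaces) can be modelled with a small secure wrapper. This is an added example, not Salesforce's LockerService code: the element objects, the `ns` field, the namespaces `c` and `vendorpkg`, and returning `null` for foreign elements are all assumptions of this simplified model.

```javascript
// Simplified model of a namespace-keyed secure wrapper (illustrative only).
// Constructed sample DOM: two components from different namespaces share one document.
function makeDoc() {
  const list = { id: "acct-list", ns: "c", textContent: "Accounts", nextSibling: null };
  const grid = { id: "vendor-grid", ns: "vendorpkg", textContent: "vendor data", nextSibling: null };
  list.nextSibling = grid; // siblings in the same DOM, no iframe boundary between them
  const elements = [list, grid];
  return {
    getElementById: (id) => elements.find((e) => e.id === id) || null,
    querySelectorAll: () => elements.slice(),
  };
}

const isElement = (v) => v !== null && typeof v === "object" && "ns" in v;

// Hand back a wrapped element only if the caller's namespace owns it, else null.
function filter(raw, callerNs) {
  if (raw === null || raw.ns !== callerNs) return null;
  return new Proxy(raw, {
    get(target, prop) {
      const value = target[prop];
      // Re-check every element reached by traversal so the raw node never leaks.
      return isElement(value) ? filter(value, callerNs) : value;
    },
  });
}

// The component receives this object in place of the real document.
function secureDocument(rawDoc, callerNs) {
  return Object.freeze({
    getElementById: (id) => filter(rawDoc.getElementById(id), callerNs),
    querySelectorAll: () =>
      rawDoc.querySelectorAll().map((e) => filter(e, callerNs)).filter((e) => e !== null),
  });
}

// A component in namespace "c" looks at its own and at another namespace's elements.
function demo() {
  const doc = secureDocument(makeDoc(), "c");
  return {
    own: doc.getElementById("acct-list").textContent,
    foreign: doc.getElementById("vendor-grid"),
    viaSibling: doc.getElementById("acct-list").nextSibling,
    visibleIds: doc.querySelectorAll().map((e) => e.id),
  };
}

console.log(demo());
```

The `viaSibling` case shows why the wrapper must filter traversal results as well as lookups: without it, a component could walk from its own element to a neighbour owned by a different namespace.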