Premium support for our pure JavaScript UI components
Hej!
Salesforce is working on a new security layer to replace the Locker Service named "Lightning Web Security" and it is now in beta as of Winter'22 release.
This new technology brings some long awaited features to Lightning web components, but it is not without fault.
Whilst testing integration with third party libraries I have discovered the following issues that affect your component bundle functionality:
The global window
reference is null
, which passes the (typeof !== 'undefined')
check in BrowserHelper.isBrowserEnv
but causes issues everywhere else. Solution: inject const window = globalThis;
into the bundle file at compile time.
The Core/helper/AjaxHelper
calls BrowserHelper.queryString?.__resourceRoot
which creates new URL
from window.location.href
which throws because href
is undefined
. Solution: always return empty object from queryString
because AjaxHelper
is useless in LWC environment anyway.
The Core/helper/EventHelper
throws in the fixEvent()
method attempting to read the type
property of the event
parameter. Solution: remove the following line from EventHelperOverride
: event = Object.create(event);
. Looks like LWS is very particular about the Event object.
After Grid/view/SubGrid
builds grid rows in onAddRow()
and inserts them to the DOM, all data-
attributes are missing from grid cells, which prevents column resize and other cell level manipulation. There is no solution for this problem at the moment. I have created an isolated (not using Bryntum code) reproduction of this issue and reported it to the PM for Lightning Web Security.
I hope you find this information useful.
Thank you for your tips! This is definitely useful and will save us a lot of time!
Please keep in mind that Lightning Web Security is still in beta and it must be manually activated in the org.
The old Locker service is still on by default, so you don't need to take any immediate action. This was just a heads up.
Much appreciated Aleksei!
Salesforce has confirmed that Lightning Web Security (LWS) will be Generally Available (GA) in the Spring'22 release (timed between mid January and mid February), although this will be a gradual rollout spanning multiple releases.
I'm working closely with them to ensure that the dataset
bug and any other potentially blocking issues are addressed in time.
FYI
Today Salesforce has published Spring'22 release notes with Lightning Web Security listed as GA.
https://help.salesforce.com/s/articleView?id=release-notes.rn_lws_ga.htm&type=5&release=236
Pre-release orgs have been updated last week, sand boxes (and scratch orgs) will be available on the first week of January.
- Screenshot 2021-12-01 at 09.30.25.png (183.83 KiB) Viewed 1304 times
We are currently assessing the impact of this feature on our customers and will be checking all previously identified compatibility issues again shortly.
Hi, are there any updates on this topic?
Spring'22 is out now and Salesforce is planning to auto-enable LWS in some orgs, which affects a number of our customers. We are trying to push back on the auto-enablement and working on resolving the compatibility issues.
Mats, I will share out internal spreadsheet for tracking.
Hello.
We've checked the spreadsheet and took some actions on our side. location.href
should not be accessed anymore by default, we're also getting rid of window
usages in favor of globalThis
. Data attributes issue is out of our control. Locker Service doesn't allow custom attributes on the DOM nodes except for the data-
attributes. If LWS doesn't allow them, it means we have no way of putting crucial data to the DOM and we rely heavily on this API.
We haven't tried enabling LWS in our test orgs yet and given data attributes do not work it doesn't look like it is time to do so. Could you please let us know about progress on data attributes issue? Do they plan to implement it? Or maybe Locker Service got less restrictive? How can we get notified about the status of this issue?