Premium support for our pure JavaScript UI components


Post by gbrdhvndi »

Hej!

Salesforce is working on a new security layer to replace the Locker Service named "Lightning Web Security" and it is now in beta as of Winter'22 release.

This new technology brings some long awaited features to Lightning web components, but it is not without fault.

Whilst testing integration with third party libraries I have discovered the following issues that affect your component bundle functionality:

  1. The global window reference is null, which passes the (typeof !== 'undefined') check in BrowserHelper.isBrowserEnv but causes issues everywhere else. Solution: inject const window = globalThis; into the bundle file at compile time.

  2. The Core/helper/AjaxHelper calls BrowserHelper.queryString?.__resourceRoot which creates new URL from window.location.href which throws because href is undefined. Solution: always return empty object from queryString because AjaxHelper is useless in LWC environment anyway.

  3. The Core/helper/EventHelper throws in the fixEvent() method attempting to read the type property of the event parameter. Solution: remove the following line from EventHelperOverride: event = Object.create(event);. Looks like LWS is very particular about the Event object.

  4. After Grid/view/SubGrid builds grid rows in onAddRow() and inserts them to the DOM, all data- attributes are missing from grid cells, which prevents column resize and other cell level manipulation. There is no solution for this problem at the moment. I have created an isolated (not using Bryntum code) reproduction of this issue and reported it to the PM for Lightning Web Security.

I hope you find this information useful.

Aleksei


Post by alex.l »

Thank you for your tips! This is definitely useful and will save us a lot of time!

All the best,
Alex


Post by alex.l »

I've created a feature request for this https://github.com/bryntum/support/issues/3680

All the best,
Alex


Post by gbrdhvndi »

Please keep in mind that Lightning Web Security is still in beta and it must be manually activated in the org.

The old Locker service is still on by default, so you don't need to take any immediate action. This was just a heads up.

Aleksei


Post by mats »

Much appreciated Aleksei!


Post by gbrdhvndi »

Salesforce has confirmed that Lightning Web Security (LWS) will be Generally Available (GA) in the Spring'22 release (timed between mid January and mid February), although this will be a gradual rollout spanning multiple releases.

I'm working closely with them to ensure that the dataset bug and any other potentially blocking issues are addressed in time.

Aleksei


Post by gbrdhvndi »

FYI

Today Salesforce has published Spring'22 release notes with Lightning Web Security listed as GA.
https://help.salesforce.com/s/articleView?id=release-notes.rn_lws_ga.htm&type=5&release=236

Pre-release orgs have been updated last week, sand boxes (and scratch orgs) will be available on the first week of January.

Screenshot 2021-12-01 at 09.30.25.png
Screenshot 2021-12-01 at 09.30.25.png (183.83 KiB) Viewed 1289 times

We are currently assessing the impact of this feature on our customers and will be checking all previously identified compatibility issues again shortly.

Aleksei


Post by gbrdhvndi »

Hi, are there any updates on this topic?

Spring'22 is out now and Salesforce is planning to auto-enable LWS in some orgs, which affects a number of our customers. We are trying to push back on the auto-enablement and working on resolving the compatibility issues.

Mats, I will share out internal spreadsheet for tracking.

Aleksei


Post by Maxim Gorkovsky »

Hello.
We've checked the spreadsheet and took some actions on our side. location.href should not be accessed anymore by default, we're also getting rid of window usages in favor of globalThis. Data attributes issue is out of our control. Locker Service doesn't allow custom attributes on the DOM nodes except for the data- attributes. If LWS doesn't allow them, it means we have no way of putting crucial data to the DOM and we rely heavily on this API.

We haven't tried enabling LWS in our test orgs yet and given data attributes do not work it doesn't look like it is time to do so. Could you please let us know about progress on data attributes issue? Do they plan to implement it? Or maybe Locker Service got less restrictive? How can we get notified about the status of this issue?


Post by gbrdhvndi »

Looks like we are not the only ones affected by the data- attribute problem:
https://trailhead.salesforce.com/en/trailblazer-community/feed/0D54S00000EmbJJSAZ

Salesforce is aware of it and is working on a solution. I will keep you posted.

Aleksei


Post Reply