Direct DOM manipulations in Lightning Web Component (LWC) | Clayton Advisor

Direct DOM manipulations in Lightning Web Component (LWC)

Overview

Lightning Web Components use Shadow DOM to protect the component from being manipulated by arbitrary HTML, CSS, and JavaScript. Bypassing the Shadow DOM gives developers greater control but is strongly discouraged as it significantly increases the risk of Cross-Site Scripting (XSS) and code injection vulnerabilities.

Business Impact

Decreased operational efficiency, increased potential for human error, delayed time-to-market, and decreased employee satisfaction.

Is your Salesforce solution affected by Direct DOM manipulations in Lightning Web Component (LWC)?

Clayton detects anti-patterns and offers automated fix advice to kickstart your Well-Architected journey.

Scan your solution

Resources

Insecure Design

Incidence

How common is this issue?

4%

lower

Exposure

How long do organizations remain exposed before fixing the problem?

44%

shorter

Frameworks

Easy

Automated

Efficiency

Operational Logic

A04:2021 – Insecure Design

Found a mistake?

If you think something is incorrect, missing or misleading please let us know.

Report an error