Insecure JavaScript operations

Overview

Some JavaScript operations, such as eval and other reflection operations, introduce a significant security risk. For this reason, they are blocked by the Lightning Locker and are generally discouraged.

Business Impact

Increased risk of data breaches, financial loss, and reputational harm. Eroding customer trust and confidence.

Is your Salesforce solution affected by Insecure JavaScript operations?

Clayton detects anti-patterns and offers automated fix advice to kickstart your Well-Architected journey.

Scan your solution

Resources

Build Secure Apps with Lightning Web Components
Injection
Lightning Security
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Incidence

How common is this issue?

Data not available

Exposure

How long do organizations remain exposed before fixing the problem?

Data not available

Frameworks

Trusted

Secure

Session Security

Session Management

A03:2021 – Injection

Found a mistake?

If you think something is incorrect, missing or misleading please let us know.

Report an error