Freeze JavaScript Prototypes for Improved Security and Stability

In JavaScript, each object has a prototype object. An object inherits methods and properties from its prototype object. Prototypes are shared between all objects of the same type. If a component author modifies a JavaScript prototype of a shared object, it can introduce unexpected behavior and potential security issues. Freezing JavaScript prototypes prevents Lightning component authors from modifying JavaScript prototypes of global objects that are shared between namespaces. This restriction enables better code separation between components and prevents malicious or inadvertent tampering of shared objects, such as the JavaScript APIs or DOM APIs.

Where: This change applies to orgs with Lightning components in Lightning Experience, Salesforce Classic, and all versions of the app.

How: This setting is disabled by default for new and existing orgs. To freeze JavaScript prototypes, from Setup, enter Session in the Quick Find box, and then select Session Settings. Select Freeze JavaScript Prototypes and click Save.

Note

Note

Cisco Webex Teams and Meetings features aren't compatible with the Freeze JavaScript Prototypes setting. If you have one of these Webex features enabled, you can’t enable this setting.