Description
JF Paradis is an Architect at Salesforce on the Lightning platform and currently focuses on Lightning Locker, a browser-level security layer integrating OCAP principles.
JF’s background includes computer and network security, single-page web applications, and open-source frameworks. JF is also a contributor to the ECMAScript TC39 committee.
A
Welcome everybody. Brennan is GM that I did some software connected Salesforce and people with Salesforce for about five years and the focusing of the Lightning platform, which is the software service, a software-as-a-service developed at the bottom that we have been Salesforce and over the past year, half of it works in with the technology called Locker, which allows us sandbox in the browser, without using hybrid. So today, I'm going to talk about our experience using OCAP access for how we were able to move from nearly system to pretty much a basic OCAP assistant.

A
So, first of all, these are the things I'm going to cover. First we'll talk about what's our challenge, what we're trying to protect, what our proposal will reveal a bit. What the root system was, how we came about as starting to secure that platform, and then we talked about the adoption of OCAP and other standards and what were the result of our doing that migration?

A
Visualforce was the traditional one, pane and another single day for their multiple page framework and how the Lightning platform, which is the system for multi, page single page, whether it has an app store and it has an app builder, which we very a little bit more about. So this is what the UI looks like. So, if you see whips and all of these great the UI builder, this is the should be obvious view on the left side.

A
You have that a series of components before like different, rich UI experience, which functionally you can drag them on the page and customers of patron, as you select them on the right side, you can select different properties to those components and everything is made to be fully adaptable. If it works on the browser, the desktop, it will work in on mobile. So it's basically have your business will go with you like at any time, which is one of the reasons why so many businesses love this now.

A
This is the app store, a review of a Fiat stone. They can buy some of those modules. You don't have to kill them. You can buy them from different vendors, we call them. Is video industry solution, vendors and they do all kinds of things they summarize. We give you access to your data. We can process the data or some process email, all kinds of systems are available and you, your patient, only to build your own component using some of those as resources. It's a bit like years ago.

A
We use that a flash apartment and also basically a reinvention of this. This component based architecture. After a period in 2006 five you registered developers, we have their use by over 50,000 marks. It's translated a hundred over hundred countries and of those different packages that we see there were six million install solutions this week, so lots of code sharing between those organizations.

A
So the challenge was to seek here all of that, especially when we moved to a single page web application, because suddenly a couple of days will exist for certain amount of time and could be looking and monitoring activities of the day. So we developed Locker, which is a virtual iframe it's morning here for these army, the early proposal for Locker. It was to basically make sure that each model acts as a separate tenant on the browser. They don't there's no communication or stealing up there helping them.

A
It's also a way to prevent those model, taxes, power, API or access unsafe, or what we give out safe process behind. It's obvious one of the biggest threats is XSS, so all of the methods like energy that he would sanitizer and so there's no evenness ECS- is that they both the closet, is the possibility to go through and inject malicious code, and we basically sandbox the top of every one of those widgets. So one cannot see the dominance of the other. Now why we're not using iframe?

A
Well, first of all, let's take a look at the typical use case, so our components originally are based with Chavo backhead. So there's a Navy XML flavor around it. So we have a concept of a mainstay. So you know these different publishers here so and that's one weather and it's whatnot and s25 as those are the different widget double journal, engage and NS. One is the order or the namespace.

A
What we do is each namespace is basically allow more like a virtual iframe and what the goal here is to isolate, for example, NS 1, whether he's using a potentially malicious library or not library, and it's supper for Dennis 1, and then the map could have access to the original bigger page and then use them to get early indication of how a business is doing. So. Our goal is to prevent the staging from.

A
There are other things, but this is the basic. Probably one of the most obvious is patience, so we have to square and has to it and that's what, while at Hughes and our crane, so we want to preserve most of these security properties of the academic or all around the isolation that yes I provide. So if it bubbles different set of DOM elements, cookies, cookie jars, sandbox, the local storage, session storage and a few other of all of the global API on the page that are brought down onto the sandbox.

A
But there are a few things we wanted to. We didn't walk with the iframe, which is the iframe. We can have to reboot a few iframe working every hour. He wanted to avoid moment words. If you start to feel a you don't have to you. Can we use this together at framework? What would that also won't cut them clipping? So we have a drop-down menu bar.

A
We have a dialog box or he had total tips and our frame will provide hot, giving and especially when we won't have nesting, it's become very difficult after so long period. So but us together long that issue so simple view Obama by many ways to look at it, but basically we have at this. Initialization will repair, please the browser then be even a good position to evaluate some source code. Yes.

A
Do see this property super data, the look on Cisco below we have someone to find an evaluator and death is presented to a exhibiting contact with inside of a secure, global and very secure object, and that execution context has access to the pure or the basic JavaScript API and through a new object, has access available and when we did all of this- and we you know, these guys started moving this way or we have all right. People would hear this, but it happened that we invented a few things that existed out there.

A
Well, that's what other people have been doing. If you look at how many effective enough to accept license agreement and without any change a piece of software, how much taxing it is. Imagine doing, therefore, every line of code any other to change an arburian. It's an impossible task in this allows the platform filters same thing between cherish given graph API. We have a diluting in the opportunity part of the code and it happened by just looking at what make sense to the early developers of other, and this is what Google is comics.

A
Do it with tomato and SES language base security tons of papers have been to the bottom, using JavaScript to secure Josephine and finally, the membranes. We have a membrane doctor and we didn't know there was a bit right. It's just the folks there's nothing to have a caching system, so they can be create a safe version of an object. You save it in the cache when you also save the reverse, so you cannot filter that if you present it with orthodontic and those two things went to different places in of the year of the Pelican.

A
Know I certainly discover that butters have been. There will went full-on into the direction of using standard difficult. Some collaborating suspenders, one of the key things for the platform and doctor will be open source at one point where the process of doing that. But one of the key things is much water. Transparency want to avoid also people to be loved that one will good right there.

A
These are the key things about. You have some kind of handler that introduces some kind of distortion. Do we pass that allows you to do the conversion between the system? You say: object is a proxy over at all, I, don't say, object and after you've created a record and that was all the code at this. That's something you will see. They need assistance. So this is the activator and we have our system works within Metheny, the driven activator.

A
Where we more than like this, we identify clearly what are the API that we allow and we have system to declare for each method. What is DF of a behavior is the jittery type of Emma, or is it sometimes in some cases rather more targeted handle, for example, for my PhD I would go through a third-party every comment out here. So working with mark one working with a cleric. We have this proposal at TC39 or at around, and we have a ship which is an implementation of this.

A
Well, when this summer, through a heavy exercising of vendor code, simplifying we, we have over 700 lines of code. For the year the colonel every level code has been detected and topped over and over I will test. The need for typical courage, it's a terrorist interested and it's been reviewed by us, our original red team, I work and also the party security, the US, and since we have it and we use it in production, we've been able to close some issues that nobody knew.

A
So, just nothing very technical, but just this idea about the big brain and around how one is the opposite of the other, the proxy or the midbrain which, when you wrap it, you actually leave the object. It's approximate object, whereas the evaluator of the realm is basic with over proxy such a reverse proxy, or certainly if the goal of the membrane is to allow prevent you from accessing unsafe. Rather, the reduction of all the realm is to escape.

A
Together, you get this kind of system where the sandbox code runs inside of a realm and all of the object is presented with our pain and it doesn't have access to the global context where we have programming it. Pierce's tavella not affected by any degradation of before this particular engine. So now, ok, we have the assistant. We need to roll it out. So we have this turtle challenge where we have a part security champion, so you know fix it, make it secure and our end user.

A
It always will faster, faster and all of these extra method they have over heaven and our dip operators to say well. The hold on a VI has to be exposed at issue. We thought we'll do all this service area for the Lightning platform of the web, but then people will jiggle, you need let them and whatever d3, and then we have the whole WPI to support. So how do we challenge Old English? Probably how do we start about in from.

A
Only when is to realize that the most important thing as a doctor, if we have a secure system when people refuse to use it, we don't have anything so performance is the sum of I don't so. This is the sum of first importance and compatibility, so would really be the heart of those aspect and the come to measure. We.

A
Threat modeling and we create a filter, render but the cochlear implants about some business security. So internally we will be able to make a clear way by not by focusing within three things or at the center that it's something to say. Maybe you know we should put all the initial security, but it's not.

A
Any detriment to security, to political activity, so for performance we have a deep freeze operator now, is taking five milliseconds to freeze the whole transcript and execute a second. If you have international and the email itself, we provide a safe, evolving customers, it's a one to one or two to one depending of the type of code. Access to global concept like object. Is that portal or visible, though the variation? Even if we have a whip over a proxy because we have methods to optimize.

A
That of all, are we optimize what is D optimized by vision and obviously defined, and we keep concept of the global there's a little scheme, so we provide our developers tools that can they can measure performance? They can involve their code. We have a playground, basically, where the commercial and the a mediation the different calls.

A
Tremendous with those numbers compatibility well, we lose a lot of this kind of test which we talk as original vault and we bring those pets inside jQuery test. We test two six two: we just added the web platform tests and we also under three some of the best water published in the possible based on history, yeah and if the idea is to allow most tended to reduce peak what isolation before the Barry eventually to this system, so security, few things we do.

A
Obviously everything has to answer for this limitation of the evaluator, but it has a lot of other benefits. We have this whitelisted mechanism for not mentioning. So if anything happens, and then this view the browser we don't allow it until we have a particular view it and we have till that calculate the gift between what is the rather and what you support. We use assist. The moon fall instructor, CSP, respects, Tracy, assert or CSP, where we a still allowed and CSP.

A
Oh I'll take it out, so we can use it in our code in trigger to receive libraries for accessible system, but once in line because it's a few marriages has happened, useful of the two, because the on safety valve can be easily imaging emulated by fixing true functions and working off. Is the star function, star software so and there's no.

A
Like you're, you know, team and robot are kind of new to and being immersed in the OCAP space and Kate and I were just talking about trying to make okay stop here, two more people, and sometimes it actually there's a general person to knowledge problem here that inverse for a lot is a long time with her to tell what things are clear on. My aren't saw very interested in perspective of what.

A
That's the Peter or one dicey, and it still is still difficult. Basic concept like Phil, Hughes, DDT and all those things that they can be isolated could be very useful, but it's variable and I think initially you would get lost on us naturally want to learn more classic systems like ECL.

B
So what you explained as achievement, if I have intensive Korean users, as long seems, that's all in terms of isolation, OCAP is, you know any security laws, Islamic festival. There was the issue of community spirit interaction. Yes, what kind of since you're you know generate one page or realm, not message.

A
It is because it's a couple of days of tension, every component has a defining interface and through that, if the visitor basis is basically like a postMessage version of cases because we're talking about dull element, properties or web component properties, so the type of information that can flow is a better. It is train, isn't rooted. We also allow.

A
JSON type object without going through JSON serialization or basically perative, plus Ares, and an option to carry across an object, can expose methods and those are the most acceptable using a more traditional way of loading module a given organization. So it cannot be done from the app store. It cannot be done magically to the app store. Every business can Adam. There's resources called that static resources. They can add the folder that contains a lot of resources in CSS, stylesheets, jQuery and there's a method to load that into page if they're segments.

A
We do talk cell phones, but we also have customers and NEC Susan Feniger is doing talks and one of the fellow most of the platform said having a very good conference. A was the subject was how I stop worrying and fall in love with other cities, and this point of view was there because of Locker. He gets a lot of security koala ties. It doesn't have to deal with in sanitizing innerHTML every time he touches the dominant, because this is so I, never purely a state.