Spring 18 Lightning Experience Highlights4 min read
Salesforce's Release Notes for Lightning Experience Spring '18 is over 500 pages long, so we've summarized the most important highlights for developers right here, along with our own best practice recommendations.
Lightning Experience Changes In Spring'18
Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing.
@AuraEnabled Apex controllers that don’t specify "with sharing" or "without sharing" will default to without sharing.
Best practice: Always use "with sharing" in Apex controllers used with Lightning components.
API Access for <lightning:container> Apps Is Revoked
Lightning apps that use the <lightning:container> tag will no longer have access to the REST APIs from inside the iframe. Apps can still access org data through Apex remoting calls. This was considered a security risk and Salesforce revoked access to fix it.
Validation for Component Attribute Types
The type of component attribute is now validated when you save the component. Validation at save time helps you discover attribute type errors earlier in your development process, instead of seeing errors at runtime.
Find Dynamically Created Components
You can now use cmp.find() to find a component that you create dynamically with $A.createComponent().
Lightning Console Apps Support Action Overrides that Use Lightning Components
Action overrides that use Lightning components for View, New, Edit, and Tab are now supported in Lightning console apps. When a user performs an action that’s overridden with a Lightning component, the content from the custom action appears in a tab or subtab. When the split view is open, tab action overrides load the Lightning component in a split-view container that is 400-pixels wide. This feature is new in Lightning Experience.
\<style> Tag Not Allowed In Lightning Components
This restriction ensures better component encapsulation and prevents component styling interfering with the styling of another component.
Changes in Locker Service
The Locker Service architectural layer enhances security by isolating individual Lightning components in their own containers and enforcing coding best practices.
- Previously Locker Service used an iframe to isolate component code when strict Content Security Policy (CSP) was enabled. This approach caused problems when the Enable Stricter Content Security Policy for Lightning Components Critical Update was activated. In this release, Locker Service eliminates the iframe so both framework and component code execute in the main window.
- Compatibility with React framework has been improved.
View the Component Library as an Unauthenticated Experience
Previously, you could access the Component Library only as an authenticated user within your org. In this release, an unauthenticated site has been made available, check it out.
New Lightning Components in Spring'18
In the Spring '18 release, there are some very cool lightning components which were eagerly awaited by the developer community. Here is the list of new components:
- lightning:carousal (Beta) - Displays collection of images horizontally one at a time.
- lightning:formattedAddress - Displays formatted address that provides a link to the given location on Google Maps.
- lightning:formattedName - Displays name with salutation and suffix.
- lightning:formattedTime - Displays formatted time in user’s locale.
- lightning:inputAddress - Renders the address compound field with support for street, city, province, postal code and country.
- lightning:inputField - An editable field with a label, help text and value that corresponds to the field on a Salesforce object. This field must be nested between a lightning:recordEditForm.
- lightning:inputName - A compound input field for name with support for salutation, first name, middle name, last name, informal name and suffix.
- lightning:listView - Renders a list view of all records that you own, have read/write access to, or are shared with you.
- lightning:recordEditForm - A record edit or create layout that displays one or more fields provided by lightning:inputField.
- lightning:pillContainer - A list of pills grouped in a container.
- lightning:treeGrid - A hierarchical view of data presented in a table.
New Lightning Events in Spring'18
- lightning:availableForFlowScreens - This enables a component to used in a flow screen.
Lightning Experience Readiness Changes For Visualforce
Remove Instance Names from URLs for Visualforce, Community Builder, Site.com Studio and Content Files
This update applies to orgs that have deployed My Domain. When the instance name is removed from the URLs, the hostname is going to change.
- mydomain--c.na1.visual.force.com changes to mydomain--c.visualforce.com
- mydomain--c.na1.content.force.com changes to mydomain--c.documentforce.com
Enable the Lightning Console UI Theme
Currently, $User.UITheme or $User.UIThemeDisplayed returns Theme4d for Visualforce pages in standard Lightning Experience apps and Lightning Console apps. Once the critical update is activated, Lightning Console apps return Theme4u, allowing Visualforce pages to differentiate between standard Lightning Experience apps and Lightning Console apps.
<apex:slds> supports Lightning Experience and Custom Styling
The <apex:slds> component already includes Lightning Design System stylesheets in Visualforce pages. In Spring '18, this component automatically adopts the latest Lightning Experience styling or your organization’s custom theme. To apply this change to your Visualforce pages, update the page’s API level to 42.0 or later.
For more information and a list of all the changes in Spring '18, check out Salesforce's full Release Notes.
Trust and security are at the top of Salesforce's priority list. The platform has everything you need if you're looking to construct a robust user security paradigm. However, this security approach has flaws that an attacker can exploit to gain access to your data. The Salesforce Architect has the duty to ensure that these features are set up correctly.
March 16, 2022
7 Min Read
April 8, 2021
3 Min Read