All Collections
Rule documentation
Security best practices
Direct DOM manipulation in Lightning Web Components (LWC)
Direct DOM manipulation in Lightning Web Components (LWC)

Detect LWC templates that use direct DOM manipulation and bypass the secure Shadow DOM provided by the Lightning Web Components

Gabriele Gallo Stampino avatar
Written by Gabriele Gallo Stampino
Updated over a week ago

Rationale

Lightning Web Components use Shadow DOM to protect the component from being manipulated by arbitrary HTML, CSS, and JavaScript. Bypassing the Shadow DOM gives developers greater control, but is strongly discouraged as it significantly increases the risk of Cross-Site Scripting (XSS) and code injection.

Did this answer your question?