March 14, 2023

Understanding Async Code Vulnerability

“The Importance of getCallback() in Lightning Component Development”

The Aura framework powers the Lightning Components architecture, which allows developers to create responsive and dynamic web applications using the Lightning Experience interface. However, one potential vulnerability in Aura is its handling of asynchronous code.

In Aura, every event goes through a life cycle: starting with an event being fired, followed by a controller handling that event, then data propagating through any changed attributes, and finally, a rendering phase to update the DOM. To modify a component outside of this normal rendering life cycle, developers can use the $A.getCallback() method.

It’s important to be aware that hackers can exploit the timing of asynchronous code to create security vulnerabilities. To prevent this, any code that modifies a component outside of the normal rerendering life cycle, including asynchronous functions like setTimeout, should be wrapped in $A.getCallback(). This ensures that the component remains secure and responsive and that application event are delivered without any significant delays.

Code Example

					setTimeout(function() {     
    $A.get("e.c:appEvent").fire(); //Firing an application event 


In this example, the application event is fired outside of the application life cycle, causing a delay in delivering the event. To stick to the application’s lifecycle and deliver the event after some delay, we need to use $A.getCallback().

Here’s the solution using $A.getCallback()

					setTimeout($A.getCallback(function() {    
    $A.get("e.c:appEvent").fire(); //Firing an application event 


By using $A.getCallback(), we can receive an event even if we call it asynchronously. This ensures that our components function smoothly and without delays, providing an optimal user experience.


In conclusion, understanding the Aura framework’s life cycle and the use of $A.getCallback() to modify components outside of the normal rendering life cycle is crucial for building effective Lightning Components. By using this approach, developers can eliminate the potential vulnerability of asynchronous code and ensure that their components deliver an optimal user experience.

Share this post:

Discover more articles