FAQ-000268 - CSS and UI Security / CSS Exception and Justification Processes

Current FAQ

Question
What documentation and justification is needed to request exceptions for components that break standard layout guidelines?
Answer
To request exceptions for components that may break standard layout guidelines, you need to provide comprehensive documentation:

**Required Documentation:**

1. **Use Case Explanation**: Clearly describe why fixed positioning or non-standard layout is necessary for the component.
2. **Namespace Exposure**: Confirm if the component is exposed outside its namespace. If not, explicitly mention this, as it may support the exception request.
3. **Visibility Details**: Explain how the component's visibility is limited to specific pages or use cases within the namespace.
4. **Security Mitigations**: Detail any measures taken to ensure the component does not obstruct other UI elements or create vulnerabilities.
5. **Implemented Interfaces**: Reference the interfaces used to show if the component is designed for shared pages or apps.
6. **Supporting Documentation**: Include any relevant documents, such as false positive reports or security review findings.

**Justification Guidelines:**

1. **Restrict Usage to Controlled Environments**: Ensure the component is used only in specific, controlled scenarios, such as within pages owned by the namespace.
2. **Namespace Exposure**: Confirm that the component is not exposed outside its namespace. This limitation can support the justification.
3. **Specific Use Case**: Provide a clear example of the component's purpose, like a progress bar fixed to the top of a form page, and explain why it is necessary.
4. **Avoid Shared Pages**: Ensure the component is not designed for shared pages or applications where it could obstruct other elements.

Make sure your documentation aligns with current security policies and standards.

AI Recommended Enhancement

Question
What documentation and justification is needed to request exceptions for components that break standard layout guidelines?
Recommended Answer Update
To request exceptions for components that may break standard layout guidelines, you need to provide comprehensive documentation:

**Required Documentation:**

1. **Use Case Explanation**: Clearly describe why fixed positioning or non-standard layout is necessary for the component.
2. **Namespace Exposure**: Confirm if the component is exposed outside its namespace. If not, explicitly mention this, as it may support the exception request.
3. **Visibility Details**: Explain how the component's visibility is limited to specific pages or use cases within the namespace.
4. **Security Mitigations**: Detail any measures taken to ensure the component doesn't obstruct other UI elements or create vulnerabilities.
5. **Implemented Interfaces**: Reference the interfaces used to show if the component is designed for shared pages or apps.
6. **Supporting Documentation**: Include any relevant documents, such as false positive reports or security review findings.

**Justification Guidelines:**

1. **Restrict Usage to Controlled Environments**: Ensure the component is used only in specific, controlled scenarios, such as within pages owned by the namespace.
2. **Namespace Exposure**: Confirm that the component isn't exposed outside its namespace. This limitation can support the justification.
3. **Specific Use Case**: Provide a clear example of the component's purpose, like a progress bar fixed to the top of a form page, and explain why it's necessary.
4. **Avoid Shared Pages**: Ensure the component isn't designed for shared pages or applications where it could obstruct other elements.

Make sure your documentation aligns with current security policies and standards.
Reasoning
The FAQ content is well-structured and comprehensive, covering the essential aspects of requesting exceptions for components that break standard layout guidelines. The changes made are minor improvements to enhance readability and flow:

1. Used contractions (doesn't, isn't, it's) to make the text more conversational and natural
2. Maintained all original points and structure while improving readability
3. The content remains accurate and complete without any outdated information detected

No security rules were identified as directly related to this FAQ because it focuses specifically on the documentation and justification process for CSS layout exceptions, which is an administrative/procedural topic rather than a technical security implementation that would be detected by code analysis rules. The available security rules primarily focus on code-level security issues (SOQL injection, XSS, CRUD violations, etc.) rather than the documentation requirements for requesting layout guideline exceptions.