FAQ-000306 - CSS and UI Security / Improper CSS Loading Vulnerabilities

Here's the difference in terms of security when loading CSS in Salesforce Lightning components: 1. **Using `<link>`**: - **Security Risk**: Referencing external stylesheets with `<link>` is insecure and violates Salesforce's security policies. It can expose your application to vulnerabilities from untrusted third-party resources. - **Recommendation**: Avoid using `<link>` in Lightning components. 2. **Using `<ltng:require>`**: - **Secure and Recommended**: This is the preferred method. Save CSS files as static resources and reference them using `<ltng:require>`. This ensures the CSS is version-controlled, adheres to Salesforce's security standards, and prevents unauthorized changes or vulnerabilities. 3. **Using Inline Styles**: - **Secure but Limited**: Inline styles are generally secure but not ideal for maintainability or scalability. They are suitable for specific, isolated styling needs but should not replace external CSS files managed through static resources. In summary, **`<ltng:require>`** is the best practice for loading CSS securely in Lightning components. Let me know if you need further clarification!