FAQ-000414 - Component Communication and Data Sharing Security / Cross-Platform Component Communication

Current FAQ

Question
How can I securely pass data between a Canvas App and a Lightning component?
Answer
To securely pass data between a Canvas App and a Lightning component:

1. **Use Secure Communication Methods**: Leverage Lightning Message Channels or Salesforce-provided APIs for data exchange.
2. **Sanitize and Validate Data**: Ensure all data being passed is sanitized and validated to prevent vulnerabilities.
3. **Protect Sensitive Information**: Avoid exposing sensitive data directly. Instead, use secure tokens or encrypted data for communication.

These practices help maintain security while enabling seamless data transfer.

AI Recommended Enhancement

Related Security Rules

- ApexXSSFromURLParam
- ApexXSSFromEscapeFalse
- AvoidUnescapedHtmlInAura
- AvoidLmcIsExposedTrue
- ApexCRUDViolation
- ApexSharingViolations
Question
How can I securely pass data between a Canvas App and a Lightning component?
Recommended Answer Update
To securely pass data between a Canvas App and a Lightning component:

1. **Use Secure Communication Methods**: Use Lightning Message Channels or Salesforce-provided APIs for data exchange.
2. **Sanitize and Validate Data**: Ensure all data being passed is sanitized and validated to prevent XSS and injection vulnerabilities.
3. **Protect Sensitive Information**: Avoid exposing sensitive data directly. Instead, use secure tokens or encrypted data for communication.

These practices help maintain security while enabling seamless data transfer.
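The validation step in point 2, as an added example that is neither the FAQ's nor Salesforce's code: a plain JavaScript check for a payload received from a Canvas app before a Lightning component forwards it over a Lightning Message Channel. The event name, the payload fields and the allowlist are constructed assumptions; wiring the validator into the Canvas SDK subscribe handler or into `lightning/messageService` is left to the consuming component.

```javascript
// Added example (not Salesforce or FAQ code): validate and minimise a payload that a
// Canvas app sends before a Lightning component forwards it over a Lightning Message
// Channel. Event name and payload shape are constructed assumptions for illustration.

// Only events the Lightning side expects are accepted; anything else is dropped.
const ALLOWED_EVENTS = new Set(['acme.recordSelected']); // hypothetical event name

// Salesforce record IDs are 15 or 18 alphanumeric characters; anything else is rejected.
const SF_ID = /^[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?$/;

// Upper bound for the free-text field so oversized blobs are never forwarded.
const NOTE_MAX = 255;

// Escape the characters that matter in HTML text and attribute contexts. Use this only
// when a component injects the value as raw HTML; LWC/Aura template bindings already
// escape, so applying it there would double-encode.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns { ok: true, message } with an allowlisted, type-checked payload,
// or { ok: false, reason } so the caller can log and discard the event.
function validateCanvasEvent(event) {
  if (!event || typeof event !== 'object') return { ok: false, reason: 'event is not an object' };
  if (!ALLOWED_EVENTS.has(event.name)) return { ok: false, reason: 'event name not allowlisted' };
  const p = event.payload;
  if (!p || typeof p !== 'object') return { ok: false, reason: 'payload missing' };
  if (typeof p.recordId !== 'string' || !SF_ID.test(p.recordId)) {
    return { ok: false, reason: 'recordId is not a Salesforce ID' };
  }
  if (p.note !== undefined && (typeof p.note !== 'string' || p.note.length > NOTE_MAX)) {
    return { ok: false, reason: 'note must be a short string' };
  }
  // Rebuild the message from validated fields only. Unknown keys (session IDs,
  // OAuth tokens, anything the Canvas app leaked) are intentionally not forwarded.
  return { ok: true, message: { recordId: p.recordId, note: p.note === undefined ? '' : p.note } };
}

// Constructed sample events: one well-formed (with an extra field that must be dropped),
// one whose recordId carries markup instead of an ID.
const SAMPLE_OK = {
  name: 'acme.recordSelected',
  payload: { recordId: '001000000000001AAA', note: '<b>hi</b>', sessionId: 'should-not-forward' },
};
const SAMPLE_BAD_ID = { name: 'acme.recordSelected', payload: { recordId: '001<b>x</b>' } };
```

Run `validateCanvasEvent(SAMPLE_OK)` and `validateCanvasEvent(SAMPLE_BAD_ID)` to see the accepted, trimmed message and the rejection reason; `escapeHtml` is applied only at the point where a component renders the note as raw HTML.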
Reasoning
The FAQ content is generally solid but could benefit from more specific security terminology. I made minimal changes to improve clarity:

1. Removed 'Leverage' in favor of 'Use' for more direct language.
2. Made the sanitization point more specific by mentioning 'XSS and injection vulnerabilities' instead of generic 'vulnerabilities' to better align with the security rules.

Regarding security rules selected:

- **ApexXSSFromURLParam & ApexXSSFromEscapeFalse**: The FAQ discusses sanitizing and validating data being passed between components, which directly relates to preventing XSS vulnerabilities that these rules detect.
- **AvoidUnescapedHtmlInAura**: When passing data between Canvas Apps and Lightning components, there's risk of unescaped HTML causing XSS, which this rule addresses.
- **AvoidLmcIsExposedTrue**: The FAQ mentions Lightning Message Channels as a secure communication method, and this rule ensures proper exposure configuration for LMCs.
- **ApexCRUDViolation & ApexSharingViolations**: When data is passed between components, proper CRUD permissions and sharing rules must be enforced in the underlying Apex code that handles the data transfer.