What are the security risks associated with setting isExposed to true on a Lightning Web Component?
Answer
Setting `isExposed` to true on a Lightning Web Component can introduce the following security risks:
1. **Namespace Isolation Breaches**: The component becomes accessible outside its namespace, potentially exposing it to unauthorized access.
2. **Clickjacking Vulnerabilities**: If the component uses absolute or fixed positioning, it could obscure other components or interfere with the user interface on shared pages.
### Mitigation Steps:
- Use **relative positioning** for exposed components.
- Ensure sensitive data or functionality is not accessible through the exposed component.
- Conduct thorough code reviews and follow secure coding practices to prevent exploitation.
What are the security risks associated with setting isExposed to true on a Lightning Web Component?
Recommended Answer Update
Setting `isExposed` to true on a Lightning Web Component can introduce the following security risks:
1. **Namespace Isolation Breaches**: The component becomes accessible outside its namespace, potentially exposing it to unauthorized access.
2. **Clickjacking Vulnerabilities**: If the component uses absolute or fixed positioning, it could obscure other components or interfere with the user interface on shared pages.
### Mitigation Steps:
- Use **relative positioning** for exposed components.
- Ensure sensitive data or functionality isn't accessible through the exposed component.
- Conduct thorough code reviews and follow secure coding practices to prevent exploitation.
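As an added illustration (not part of this FAQ or of Salesforce's own tooling), the weak and corrected `isExposed` settings sit beside a small Python review that flags the two risks listed above: an exposed bundle, and an exposed bundle whose stylesheet uses absolute or fixed positioning. The sample metadata and stylesheets are constructed; the XML namespace is the one Salesforce `*.js-meta.xml` files declare.

```python
import re
import xml.etree.ElementTree as ET

# Salesforce metadata namespace used by LightningComponentBundle files.
METADATA_NS = "{http://soap.sforce.com/2006/04/metadata}"

# Constructed sample bundle metadata with the weak setting.
EXPOSED_META = """<LightningComponentBundle xmlns="http://soap.sforce.com/2006/04/metadata">
    <apiVersion>59.0</apiVersion>
    <isExposed>true</isExposed>
    <targets><target>lightning__AppPage</target></targets>
</LightningComponentBundle>"""

# The same bundle with the corrected setting.
PRIVATE_META = EXPOSED_META.replace("<isExposed>true</isExposed>", "<isExposed>false</isExposed>")

# Constructed stylesheets: one overlays its host page, the other stays in normal flow.
OVERLAY_CSS = ".banner { position: fixed; top: 0; left: 0; width: 100%; }"
INFLOW_CSS = ".banner { position: relative; padding: 1rem; }"

POSITION_RE = re.compile(r"position\s*:\s*(absolute|fixed)\b", re.IGNORECASE)


def is_exposed(meta_xml: str) -> bool:
    """Return True when the bundle metadata sets <isExposed> to true."""
    root = ET.fromstring(meta_xml)
    node = root.find(f"{METADATA_NS}isExposed")
    # A missing <isExposed> element means the component is not exposed.
    return node is not None and (node.text or "").strip().lower() == "true"


def overlay_positions(css: str) -> list[str]:
    """Return every absolute/fixed position value found in a stylesheet."""
    return [m.group(1).lower() for m in POSITION_RE.finditer(css)]


def review_bundle(name: str, meta_xml: str, css: str) -> list[str]:
    """Report the FAQ's two risks for one component bundle (empty list = clean)."""
    findings = []
    if is_exposed(meta_xml):
        findings.append(f"{name}: isExposed=true, component is reachable outside its namespace")
        positions = overlay_positions(css)
        if positions:
            findings.append(f"{name}: exposed component uses position:{'/'.join(positions)}; use relative positioning")
    return findings


if __name__ == "__main__":
    for line in review_bundle("riskyBanner", EXPOSED_META, OVERLAY_CSS) + review_bundle("safeBanner", PRIVATE_META, INFLOW_CSS):
        print(line)
```

Run across a project's `lwc/*/` directories, `review_bundle` gives a first-pass list of components to examine during the code review the mitigation steps call for.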
Reasoning
The FAQ content directly addresses the security risks of setting isExposed to true on Lightning Web Components, which aligns perfectly with the AvoidLmcIsExposedTrue rule that flags this exact configuration issue. The rule is designed to prevent the security risks that this FAQ explains. I made one minor improvement to the existing content by changing 'is not accessible' to 'isn't accessible' to follow the brand guidelines for using contractions and more conversational language. All other content remains unchanged as it accurately describes the security concerns and mitigation strategies.
For the AvoidLmcIsExposedTrue rule: This rule directly relates to the FAQ's core topic - the security risks of setting isExposed=true on Lightning Web Components. The FAQ explains 'namespace isolation breaches' and 'clickjacking vulnerabilities' which are exactly the types of security issues this rule is designed to prevent. The FAQ's mitigation steps align with the rule's purpose of avoiding this risky configuration.