FAQ-001101 - Lightning Message Channel Security / Security Review and Compliance

Using the "bubbles" and "composed" flags in Lightning Web Components won't inherently cause security review failures. However, you must ensure that these flags don't expose sensitive information, such as PII, OAuth tokens, or passwords. If no sensitive data is being leaked, document this clearly in a False Positive (FP) document with a detailed explanation. If sensitive information is involved, you'll need to address and remediate the issue.

Made a minor improvement to make the language more conversational by changing "do not" to "don't" to align with the brand guidelines that encourage using contractions for a more natural, conversational tone. This small change makes the FAQ more approachable while maintaining all the original technical accuracy and completeness. I selected the AvoidLwcBubblesComposedTrue rule because this FAQ directly addresses the use of "bubbles" and "composed" flags in Lightning Web Components, which is exactly what this security rule detects. The FAQ is teaching developers about when using these flags might cause security review issues and how to handle them properly, making this rule highly relevant to the content.