FAQ-001119 - Lightning Web Components and JavaScript Security / Aura to LWC Migration and Compatibility


Current FAQ

Question
What security considerations apply when migrating from Aura to Lightning Web Runtime (LWR) framework?
Answer
When migrating from Aura to the Lightning Web Runtime (LWR) framework, here are key security considerations:

1. **Adhere to Best Practices**: Ensure components follow best practices to address platform limitations, such as the fragility of Aura/Locker and the intermingling of code privileges on the same DOM.
2. **Enforce Contracts**: Components should enforce all contracts and be safe to use in any context allowed by the framework.
3. **Avoid Dynamic Content Loading**: Do not load dynamic content like HTML or JavaScript directly into components unless it is stripped of CSS or JavaScript code, as this would fail the AppExchange security review.
4. **Use Static Resources**: Include all scripts and resources as static resources to maintain security boundaries.
5. **Enable LockerService**: Use API version 40.0 or later to ensure LockerService is enabled, as it provides enhanced security for Lightning components.

AI Recommended Enhancement

Related Security Rules

- AvoidAuraWithLockerDisabled
- AvoidCreateElementScriptLinkTag
- @lwc/lwc/no-inner-html
- AvoidOldSalesforceApiVersions
Question
What security considerations apply when migrating from Aura to Lightning Web Runtime (LWR) framework?
Recommended Answer Update
When migrating from Aura to the Lightning Web Runtime (LWR) framework, here are key security considerations:

1. **Adhere to Best Practices**: Ensure components follow best practices to address platform limitations, such as the fragility of Aura/Locker and the intermingling of code privileges on the same DOM.
2. **Enforce Contracts**: Components should enforce all contracts and be safe to use in any context allowed by the framework.
3. **Avoid Dynamic Content Loading**: Don't load dynamic content like HTML or JavaScript directly into components unless it's stripped of CSS or JavaScript code, as this would fail the AppExchange security review.
4. **Use Static Resources**: Include all scripts and resources as static resources to maintain security boundaries.
5. **Enable LockerService**: Use API version 40.0 or later to ensure LockerService is enabled, as it provides enhanced security for Lightning components.
Reasoning
The FAQ content is technically accurate but contains minor language improvements that enhance clarity and readability. Changed "Do not load" to "Don't load" to align with the conversational tone guidelines in the brand guide. The content addresses important security aspects of Aura to LWR migration.

For security rule associations:

1. **AvoidAuraWithLockerDisabled** - Directly relates to point 5 about enabling LockerService and using API version 40.0+, which is exactly what this rule enforces
2. **AvoidCreateElementScriptLinkTag** - Relates to points 3 and 4 about avoiding dynamic content loading and using static resources instead of dynamically creating script/link elements
3. **@lwc/lwc/no-inner-html** - Connects to point 3 about avoiding dynamic HTML content loading, as innerHTML usage can introduce XSS vulnerabilities
4. **AvoidOldSalesforceApiVersions** - Relates to point 5's recommendation to use API version 40.0 or later to ensure modern security features
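To make the rule-to-point mapping above concrete, here is an added example (not Salesforce's scanner nor code from this FAQ tool) of a small static check that flags the four patterns in a component bundle: innerHTML assignment, dynamically created script/link tags, and an apiVersion below 40.0 (which for an Aura bundle also means LockerService is off). The rule names come from the page; the regex heuristics, the Aura-only Locker check and the sample bundle are this example's own assumptions.

```javascript
// Added example (not Salesforce's or the FAQ tool's code): a static scan for the patterns behind
// the four rules on this page. Rule names come from the page; the regexes, the Aura-only Locker check
// and the sample bundle are this example's own assumptions.
const LOCKER_MIN_API = 40.0; // page: LockerService is enabled from API version 40.0
// Source-level rules: each pattern marks a line of a component's JavaScript.
const JS_RULES = [
  { rule: '@lwc/lwc/no-inner-html',
    pattern: /\.(innerHTML|outerHTML)\s*=|\binsertAdjacentHTML\s*\(/,
    fix: 'render markup from the template or assign textContent instead' },
  { rule: 'AvoidCreateElementScriptLinkTag',
    pattern: /createElement\s*\(\s*['"`](script|link)['"`]\s*\)/i,
    fix: 'ship the script/stylesheet as a static resource and load it via lightning/platformResourceLoader' },
];
// Metadata rule: apiVersion below 40.0 is an old API version; for an Aura bundle (.cmp/.app) it also means Locker is off.
function checkMeta(name, xml, findings) {
  const m = /<apiVersion>\s*([\d.]+)\s*<\/apiVersion>/.exec(xml);
  if (!m || parseFloat(m[1]) >= LOCKER_MIN_API) return;
  findings.push({ file: name, rule: 'AvoidOldSalesforceApiVersions', line: 1,
    fix: `raise apiVersion ${m[1]} to ${LOCKER_MIN_API.toFixed(1)} or later` });
  if (/\.(cmp|app)-meta\.xml$/.test(name)) {
    findings.push({ file: name, rule: 'AvoidAuraWithLockerDisabled', line: 1,
      fix: 'this Aura component runs without LockerService; raise its API version' });
  }
}
// Scan a bundle given as { fileName: content }; returns one finding per matching line.
function scanBundle(files) {
  const findings = [];
  for (const [name, content] of Object.entries(files)) {
    if (name.endsWith('-meta.xml')) { checkMeta(name, content, findings); continue; }
    if (!name.endsWith('.js')) continue;
    content.split('\n').forEach((text, i) => {
      for (const r of JS_RULES) {
        if (r.pattern.test(text)) findings.push({ file: name, rule: r.rule, line: i + 1, fix: r.fix });
      }
    });
  }
  return findings;
}
// Constructed sample bundle: an LWC that injects HTML and a script tag, plus an Aura component on API 39.0.
const SAMPLE_BUNDLE = {
  'richText.js': [
    'export default class RichText extends LightningElement { renderedCallback() {',
    "  this.template.querySelector('div').innerHTML = this.userHtml;",
    "  const s = document.createElement('script'); s.src = this.cdnUrl; document.head.appendChild(s);",
    '} }',
  ].join('\n'),
  'richText.js-meta.xml': '<LightningComponentBundle><apiVersion>58.0</apiVersion></LightningComponentBundle>',
  'legacy.cmp-meta.xml': '<AuraDefinitionBundle><apiVersion>39.0</apiVersion></AuraDefinitionBundle>',
};
console.log(JSON.stringify(scanBundle(SAMPLE_BUNDLE), null, 1));
```

Running it on the sample bundle reports four findings: the innerHTML line and the createElement line in richText.js, and both API-version rules for the Aura component, while an LWC on 58.0 that uses textContent produces none.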