FAQ-001136 - Lightning Web Components and JavaScript Security / Script Loading and Static Resources


Current FAQ

Question
What does "Lightning: Improper Script Load Vulnerability" refer to and how can it be fixed?
Answer
The "Lightning: Improper Script Load Vulnerability" refers to the risk of dynamically loading JavaScript files from third-party CDNs or external sources, which can lead to security issues. To fix this vulnerability:
1. Save the third-party JavaScript files in the static resources folder of your package.
2. Include these resources in your solution package.
3. Load each JavaScript file using a `$Resource` URL within your Lightning components.
This ensures the code is version-controlled, prevents unauthorized changes to external scripts, and complies with Salesforce's security requirements for AppExchange solutions.

AI Recommended Enhancement

Related Security Rules
LoadJavaScriptHtmlScript, LoadJavaScriptIncludeScript
Question
What does "Lightning: Improper Script Load Vulnerability" refer to and how can it be fixed?
Recommended Answer Update
The "Lightning: Improper Script Load Vulnerability" refers to the risk of dynamically loading JavaScript files from third-party CDNs or external sources, which can lead to security issues. To fix this vulnerability:
1. Save the third-party JavaScript files in the static resources folder of your package.
2. Include these resources in your solution package.
3. Load each JavaScript file using a `$Resource` URL within your Lightning components.
This ensures the code is version-controlled, prevents unauthorized changes to external scripts, and complies with Salesforce's security requirements for AppExchange solutions.
Reasoning
No changes were needed to the FAQ content, as it is accurate and well-structured. The answer correctly identifies the security risk, provides clear remediation steps, and aligns with AppExchange security requirements. The selected security rules relate directly to this FAQ's content: LoadJavaScriptHtmlScript detects JavaScript loading via HTML script tags from external sources (severity 2), while LoadJavaScriptIncludeScript identifies JavaScript inclusion through include-script methods from external sources (also severity 2). Both rules enforce the same security principle that the FAQ teaches: avoiding external JavaScript loading in favor of packaged static resources. The FAQ's recommendation to use `$Resource` URLs for JavaScript files directly addresses the vulnerabilities these rules are designed to catch.
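As an added illustration of both the fix in the answer and the two rules named above (this is example code, not the FAQ's or Salesforce's own rule implementation): a small scanner that flags script loads whose source is an absolute external URL and accepts loads that go through packaged static resources. The regexes, the sample components and the cdn.example.com host are assumptions.

```javascript
// Added example, not Salesforce's rule implementation: a small scanner in the
// spirit of LoadJavaScriptHtmlScript / LoadJavaScriptIncludeScript. It flags a
// script load whose source is an absolute external URL and accepts loads that
// go through packaged static resources ($Resource / @salesforce/resourceUrl).
const EXTERNAL_URL = /^(https?:)?\/\//i;
// Each pattern captures the source expression of one script-loading construct.
const LOADERS = [
  { rule: 'LoadJavaScriptHtmlScript',    re: /<script[^>]*\ssrc\s*=\s*["']([^"']+)["']/gi },
  { rule: 'LoadJavaScriptHtmlScript',    re: /\.src\s*=\s*["']([^"']+)["']/g },
  { rule: 'LoadJavaScriptIncludeScript', re: /loadScript\s*\(\s*this\s*,\s*["']([^"']+)["']/g },
  { rule: 'LoadJavaScriptIncludeScript', re: /\sscripts\s*=\s*["']([^"']+)["']/gi },
];

// Returns one finding { rule, source } per script load from an external origin.
function scanForImproperScriptLoads(source) {
  const findings = [];
  for (const { rule, re } of LOADERS) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(source)) !== null) {
      const src = m[1].trim();
      if (EXTERNAL_URL.test(src) && !/\$Resource\b|@salesforce\/resourceUrl\//.test(src)) {
        findings.push({ rule, source: src });
      }
    }
  }
  return findings;
}

// Constructed sample: loads a library straight from a CDN at runtime (the vulnerability).
const VULNERABLE_LWC = `
import { loadScript } from 'lightning/platformResourceLoader';
export default class Chart extends LightningElement {
  connectedCallback() {
    loadScript(this, 'https://cdn.example.com/chart.min.js');
    const s = document.createElement('script');
    s.src = '//cdn.example.com/plugin.js';
  }
}`;

// Constructed sample: the fix, the same library packaged as a static resource.
const FIXED_LWC = `
import { loadScript } from 'lightning/platformResourceLoader';
import chartJs from '@salesforce/resourceUrl/chartJs';
export default class Chart extends LightningElement {
  connectedCallback() {
    loadScript(this, chartJs + '/chart.min.js');
  }
}`;
```

Running the scanner over the two samples yields two findings for the CDN-loading component and none for the static-resource version; an Aura `<ltng:require scripts="{!$Resource.chartJs}" />` is likewise accepted.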