FAQ-001252 - Non-Standard Programming Language Security / Development Framework Security

When using development frameworks that require additional setup, here are some key security considerations: 1. **Static Resources**: Ensure all scripts are loaded as static resources for thorough security analysis. 2. **Avoid Unsafe Inline Scripts**: Don't use unsafe inline scripts, and sanitize user-controlled data to prevent vulnerabilities like cross-site scripting (XSS). 3. **Context-Based Escaping**: Use secure filters and follow context-based escaping practices. 4. **Secure Coding Practices**: Avoid logging sensitive information, such as cryptographic secrets or API credentials, in debug logs. 5. **HTTPS and SSL**: Ensure remote site settings and HTTP endpoints comply with HTTPS and SSL configuration requirements. These practices help maintain a secure development environment.

The FAQ content is accurate and well-structured. Minor improvements made: 1) Clarified 'loaded in static resources' to 'loaded as static resources' for better readability, 2) Changed 'Do not use' to 'Don't use' for a more conversational tone per brand guidelines, 3) Shortened 'such as cryptographic secrets or API credentials' by removing redundant words. All security rules selected directly relate to the FAQ content: XSS prevention rules relate to points 2-3 about inline scripts and escaping, credential security rules relate to point 4 about logging sensitive information, HTTPS/SSL rules relate to point 5 about secure endpoints, and static resource loading rules relate to point 1 about loading scripts properly. The FAQ addresses core security concerns for development frameworks and aligns well with AppExchange security requirements.