Weebly is a drag and drop website developer and allows developers to create custom widgets that users can add and drag to their pages. These custom widgets may contain javascript for interactivity.
These widgets are not enclosed in an iframe and are inserted directly into the page.
In addition to manually auditing the presented javascript code when adding a custom element to the Application Center, is it possible to contain or isolate a widget without an iframe if it contains malicious code?
source
share