HubSpot Ideas

AX-René

Content embed

To ensure the security and integrity of the Content-Embed widget, I propose implementing a global restriction that prevents users from embedding JavaScript code, whether directly via <script> tags or through indirect inclusions (e.g., via src attributes pointing to external scripts).

Restrict Script Tags
The widget should globally block any <script> tags from being entered, regardless of context. This can be achieved by sanitizing the user-provided input before it is rendered, ensuring that script tags are either removed or escaped.

Advantages

  • Enhanced Security: Blocks XSS (Cross-Site Scripting) and other script-based attacks.
  • Consistency: Ensures content adheres to expected HTML standards without runtime risks.
  • User Trust: Builds confidence in the widget’s reliability and security.

This approach prioritizes security while maintaining the widget’s usability for embedding safe and effective HTML content.

0 Upvotes