There are multiple ways of overcoming this and I would welcome HubSpot to document them (even if labeled "unsupported"):
Download the HubSpot Javascript, do security audit and include it statically. Whenever the JavaScript changes the download/review/include has to be repeated.
Include an iframe that contains html to include the JavaScript, send JavaScript events from the site into the iframe