What are the risks of deploying the react-script-editor web part inside our SharePoint Online tenant?

john john 946 Reputation points
2021-11-12T00:22:10.217+00:00

I am working on a new SharePoint online tenant, and one of the requirements is to have a modern web part that is similar to the popular on-premises/classic Script Editor web part.

So I found this SPFx web part, react-script-editor, which mimics the on-premises/classic Script Editor web part.

But I have these questions about this web part:

1) Is it unsafe to have this web part inside the online SharePoint sites? In our case, some sites have all users as contributors, so all users can create modern pages and hence add this react-script-editor web part to the modern pages they create.

2) If the answer to question 1 is yes (using this web part is unsafe), then what can users do with this web part? Or what are the risks we will be exposed to? For example, can a user write a script inside this web part which gets the users' passwords and saves them to an external system?

3) If it is unsafe to use the react-script-editor web part out of the box, then are there any steps we can take to minimize the risks that this web part can cause?

Thanks


1 answer

  1. RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor
    2021-11-12T06:07:56.09+00:00

    Hi @john john ,
    All client-side web parts are deployed or enabled to be available at site level by the tenant administrator using the tenant app catalog. If there are concerns about enabling script options in a tenant, this web part or an approach should not be approved by tenant administrators. Unfortunately, there seems to be no such function to change the permission of the tenant administrator to these web parts currently.




    1 person found this answer helpful.