...
- information regarding apps: https://docs.microsoft.com/sharepoint/extend-and-develop
- Information regarding custom JavaScript: Pay close attention to the "custom scripts" feature, as this allows any user in SharePoint to deploy arbitrary scripts: https://docs.microsoft.com/de-de/sharepoint/allow-or-prevent-custom-script
- However, if you do not need the ability to embed content into SharePoint, there is a way to completely deactivate that part of our app and with that all the threats listed here. This can be achieved by deactivating the "SharePoint Online Connector for Confluence Add-In Extensions" app which is bundled with the SharePoint Online Connector for Confluence.
For details about Confluence see
...