I remember seeing a piece of code on dwitter where someone was trying to see if they can inject any code in the page. And it was working. So yeah, I'd very much rather avoid that website. Trying to allow users to put their own code on a page someone else is seeing is perfectly ripe for exploitation. Sure, it might be fun initially, for most people, but not anymore when someone uses that power to harm your website and other users.
And I agree you could work hard to try and somehow verify their code, but I doubt it's possible to let them do something useful and at the same time prevent any possible attack.