For a client I have to implement a widget which displays reporting data in a Kendo UI Grid. This widget will be used on various websites. We do have some limited control on how the widget should be implemented on those websites, but optimally it shouldn't be more than a script tag and a div in which to inject.
One big concern is XSS issues. While I am digging into this subject, I was wondering what the "official" stance on this is, if there are already any past experiences with such a scenario, etc. Any pointers are welcome.