In our enterprise application, we plan to embed a Twitter timeline on our portal. This requires the admin user of our application to navigate to https://publish.twitter.com/# and generate the HTML code that is output by the Twitter site. The admin would then need to pass the generated code to our application so that the timeline could be embedded in the application on the portal view.
I foresee security challenges with accepting HTML code. What are some of the possible approaches for handling the security concerns in accepting code?
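One approach to the workflow described above, as an added example that is not part of the original post: treat the pasted snippet as input to parse rather than markup to store, keep only the account handle, and regenerate the embed from a fixed template. It assumes the publish.twitter.com output is an `<a class="twitter-timeline">` link followed by the `widgets.js` script tag; the function names, allowed hosts and handle pattern are assumptions of this sketch.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"twitter.com", "www.twitter.com"}     # assumption: hosts in the embed link
HANDLE = re.compile(r"[A-Za-z0-9_]{1,15}")             # assumption: profile timelines only
WIDGET_JS = "https://platform.twitter.com/widgets.js"  # fixed here, never taken from input

# Constructed sample of what an admin might paste.
SAMPLE = ('<a class="twitter-timeline" href="https://twitter.com/TwitterDev?ref_src=twsrc%5Etfw">'
          'Tweets by TwitterDev</a> <script async src="' + WIDGET_JS + '" charset="utf-8"></script>')


class _TimelineFinder(HTMLParser):
    """Collects href values of <a class="twitter-timeline">; everything else is ignored."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "twitter-timeline" in (a.get("class") or "").split():
            self.hrefs.append(a.get("href") or "")


def handle_from_snippet(snippet):
    """Return the validated account handle from pasted embed code, or raise ValueError."""
    finder = _TimelineFinder()
    finder.feed(snippet)
    finder.close()
    if len(finder.hrefs) != 1:
        raise ValueError("expected exactly one twitter-timeline link")
    url = urlsplit(finder.hrefs[0])
    handle = url.path[1:] if url.path.startswith("/") else ""
    if (url.scheme != "https" or url.netloc.lower() not in ALLOWED_HOSTS
            or not HANDLE.fullmatch(handle)):
        raise ValueError("link is not an https twitter.com profile URL")
    return handle


def render_embed(handle):
    """Build the markup the portal serves from a fixed template plus the stored handle."""
    if not HANDLE.fullmatch(handle):
        raise ValueError("invalid handle")
    h = html.escape(handle, quote=True)  # no-op for valid handles; kept as defence in depth
    return (f'<a class="twitter-timeline" href="https://twitter.com/{h}">Tweets by {h}</a> '
            f'<script async src="{WIDGET_JS}" charset="utf-8"></script>')
```

Only the handle is persisted, so attributes, extra tags or scripts in the pasted text never reach the portal page; a Content-Security-Policy that limits `script-src` to the portal and `platform.twitter.com` complements this.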