Block WebSDK updates from Console

Employee

12/6/23

Description - Block WebSDK updates to the Target Recommendations Catalog made through the console by running an alloy script.

Why is this feature important to you - For security reasons, and to avoid unauthenticated updating of content on the page, which could change the dynamics of the web page.

How would you like the feature to work - A way to prevent the console updates from WebSDK from overriding the updates sent in through the API, block particular fields from WebSDK updates or block WebSDK updates entirely.

Current Behavior - 

A malicious visitor could potentially run the same call but add different content to it. This change will show up in their, and everyone else's, recommendation feed within a few minutes and will stay there until the next nightly script run. They do not require any special permissions or API keys (I tested this on my personal laptop in incognito mode). The potential for abuse is not only in defacing the website, but also in changing the URLs users are redirected to when they click a recommendation in their feed.

1 Comment

1/29/24

Thank you for sharing your feedback. We take security very seriously and will investigate this further. Please feel free to include any more details that could shed any more light on the issue. 

Status changed to: Investigating