Yep. I am fully aware of that. Hence the idea of Sandboxing, somehow. Worker. Iframe CSP. All 3. Dont really care how. Uploading and running scripts is the goal or the idea is useless. Most of the scripts I expect users to run wont be malicious. However I am certain some jackass will try to run a Porn Installer or Malware or something, and the goal is to let those scripts run but effectively be neutered, no access to DOM, no access to XMLHttpRequest, etc.
I'll ask around.
I'll ask around.