[betterunix]

https://en.wikipedia.org/wiki/Cross_site_scripting

https://en.wikipedia.org/wiki/Clickjacking

It is definitely problematic for me to have Javascript running from arbitrary untrusted sources.

[acdha]

If I can inject JavaScript into the page I can also inject HTML with a big “Win a free iPad click here!” link. JavaScript is the symptom, not the disease.