If you have, say, an HTML5 games arcade that allows users to upload a script that runs a game with HTML5 and JavaScript, assuming you have no filters on their input (apart fr
Allowing JavaScript to be uploaded and run opens up quite a lot of options for an attacker.
See Cross Site Scripting (Wikipedia) and on OWASP.
In general - if you allow this, then an attacker can post any code, redirect users, exploit their browsers, install viruses and more.