The iframe sandboxing + enforcing CSP approach described in T222807 would reduce the risk of running potentially dangerous javascript within a user's browser, but not eliminate the risk entirely. Unfortunately there have been some related performance issues in exploring this approach (see:
https://phabricator.wikimedia.org/T169027#9342985) as well as some criticism regarding whether or not this approach is in line with the Wikimedia movement's values (see:
https://phabricator.wikimedia.org/T169027#9362252)