If the HTML preview renders in a separate subdomain of the editor view, then malicious JS has a limited blast radius. This would allow the preview iframe to drop the no-scripts restriction we have today.
I believe we can implement this fairly cleanly using HTML service workers so that the deployment isn't any different from today (that is, we don't actually require a full separate subdomain handled at the level of the web servers serving the hub-client content).
If the HTML preview renders in a separate subdomain of the editor view, then malicious JS has a limited blast radius. This would allow the preview iframe to drop the no-scripts restriction we have today.
I believe we can implement this fairly cleanly using HTML service workers so that the deployment isn't any different from today (that is, we don't actually require a full separate subdomain handled at the level of the web servers serving the hub-client content).