I'm wanting to let users to run their own scripts on my web site, the scripts won't interact with DOM and are mainly about doing computations. I'm planning to use service workers as the means for sanitizing user input JS. The scripts are stored in the Db, then loaded then executed within a service worker context.
Can anyone see any security issues with this approach (I don't care about while (1 === 1) etc. - only the stuff which can harm the server/other users). Result of the script evaluation won't be given to the user directly but will be used as input for the other Js script. Could anyone spawn a quick attack sample/idea using the setup I described?