I'm thinking there are two options. Either having some kind of <Language> to JS interpreter that runs the code in the browser, or, running the code in some kind of container on a server and returning the response to the client. In which case, how are the servers secured against potentially dangerous input?