Are there any issues if the js string has parameters passed into it generated by user?

[jsoneaday]

I've been looking for something like this for my own project, but I was wondering what about the situation where a user can pass parameters to some js code. Couldn't they inject there own scripts into it to run some code? Does your system prevent such attacks.

For example simply eliminating the ability to pass parameters that contain parenthesis might be sufficient, but I'm just not sure since I don't have the experience in this area.

Again thank you for your work!