I'm trying to develop a semi-automated calendar/scheduling application for my clients to use to book my time. The page works fine as a web page, but when bundled and sent as a MIME email, the JS code doesn't run.
I can see the obvious problem with allowing this (denial-of-service attacks and the like), but a whitelist of domains that are allowed to use JS would be very helpful! Maybe with a popup to allow/disallow/ask on the first use?
Turning it off and removing any chance of configuring it seems... draconian.
(I've filed a bug report for Apple Mail on ios, but this issue plagues macOS Mail as well.)