I think WP strips off JavaScript anyway, to avoid security bugs such as cross-site scripting.
JavaScript could access document.cookie, and so steal cookies. Sure, from your own site, but think about “shared” blogs.
Additionally, a href.location(“https://www.ebay.com/buyitem.php?id=12334”); could make you buy strange things.
Okay, the ebay thing probably still needs other things, but you get the idea…