If the user puts script tags into the codeview, the scripts are executed when trying to switch back to WYSIWYG. This happens for both inline scripts, e.g. <script>alert('test');</script> and external ones, e.g. <script src="http://path/to/foo.js"></script>.

It has the side effect of also trapping the user in the codeview if they enter some invalid JS. I came across this while trying to test my own input sanitization by putting <script>test</script> into the codeview since all I was trying to do was make sure that my HTML cleaning was stripping script tags out, and it trapped me in the codeview with the JS error: Uncaught ReferenceError: test is not defined