Well the first answer to can javascript be added is yes, javascript could easily be shown on Steemit. I see many different reasons why that would be positive if it was. The big problem is security, if javascript were allowed, it could modify the Steemit webpage itself and create huge security issues. We are talking on the level of sending your password to somewhere else kind of security risk.

The Benefits

If javascript was allowed on Steemit this would allow things like games and interactive posts, something I'm sure a lot of people could find creative and interesting ways to use. It simply adds more types of content that can be added to Steemit, making it a more diverse place.

The Risks

As stated above, the full javascript API poses serious security risks as it is meant to be the only program running on a webpage, not necessarily put directly into a post. Javascript can directly read, and modify a webpage, as well as send POST messages and SQL requests to a server. It is very powerful for websites, and secure for the end user if written properly. So why can't this be fixed? Well at the moment, as far as I know, javascript has no built in element protection. In other words, any script that is run has access to all elements in the page, there are no restrictions you can put on it. This brings me to my next point, some solutions.

Some Solutions

These are just some ideas I came up with but I'm sure there are several other ways it could be done. I'm also not sure if the ideas I put forth here are 100% foolproof, they are just thoughts, and fully up for discussion and criticism. After all I am not a web developement specialist.

Javascript Protection Protocols

In my opinion this would be the best option but also the hardest to get through. The basic idea would be for javascript and browsers to change their specification so that security limits could be put in the actual interpreter itself. The reason this is so hard to change, is Steemit has no control over how javascript or browsers will act and therefore can't do anything about this.

Limited Script

The basic idea here is for the Steemit editor to parse through the javascript and make sure it doesn't use any forbidden commands or modify any forbidden elements. This would then give Steemit a modicum of control over what the users javascript can do. The program would have to limit the javascript to being local, with none imported from offsite so Steemit has full control over what is in the javascript. This is one of the hardest options as it requires a javacript parser and error checker built into Steemit.

Custom Script

Much like the limited script idea, custom script would be a script created by Steemit for the purpose of dynamic posts. In this way Steemit has direct control over exactly what this scripting language is even capable of doing. Steemit would then parse through the script server side and rewrite it as javascript. This effectively limits what the script can do while still allowing the end product to be javascript. This is probably the most secure option and is not impossible to implement from a programming standpoint, however; it would put more stress on a server and require a new scripting language to be learned.

In Conclusion

Overall I think it would be really cool to have some sort of scripting interface for posts on Steemit. That being said, I don't think this will be implemented any time soon for the reasons stated above, but it would be something to keep in mind. Also if there is something like this for Steemit already, please let me know because I would love to use it.

Images from (respectively):
http://frutbunn.com/index.php/2015/08/20/javascript-code-to-show-an-eu-cookie-policy-banner/
https://insights.ubuntu.com/2017/03/20/three-flaws-at-the-heart-of-iot-security/