we could use any nostr app as #hostr webhost https://iris.to/

just load content into iframe

it wont be able to access sensitive data like localStorage

url could be something like:

https://iris.to/hostrf2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6cc

which would execute code like following (where f.src would come from hostr note, we would convert hash "hostrf2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6cc" into hex and query from relay):

document.write(""); f = document.createElement("iframe"); f.src = 'data:text/html;,'; document.body.append(f);