I have a site where visitors can write posts using CKEditor, which is a WYSIWYG editor. Right now, it allows members to write HTML/CSS in the source code along with text so they can create formatted posts. In addition, members can also post JavaScript in there as well.

Is there any kind of security risk with allowing 3rd party members to post JavaScript using CKEditor? If so, how can I prevent members from posting JavaScript, but still allow HTML/CSS using CKEditor?