I want to allow user contributed Javascript in areas of my website.

1. Is this completely insane?
2. Are there any Javascript sanitizer scripts or good regex patterns out there to scan for alerts, iframes, remote script includes and other malicious Javascript?
3. Should this process be manually authorized (by a human checking the Javascript)?
4. Would it be more sensible to allow users to only use a framework (like jQuery) rather than giving them access to actual Javascript? This way it might be easier to monitor.

Thanks