One of the concerns I mentioned in the past is that there are security implications with exposing more functionality to JavaScript. It is still a problem - any endpoint we expose to the review screen will also be accessible by e.g. shared decks. We may be able to better isolate things by moving the card content into an iframe - it’s something to explore when more of the review screen gets moved into Svelte.