Hi, eval seems to work in card templates: eval() - JavaScript | MDN
Note the big red warning box at the top.
I suppose as you long you ensure you are the only one who ever edits your cards, you're mostly safe. Don't put code someone else wrote for you in your cards, if you do this.
Your_code_field:
Don’t put <script> tags in the field, instead write the code without that into the raw html editor.
console.log('hello world');
Your card template:
<script>
// Goodbye, security
eval(`{{Your_code_field}}`);
</script>