Sandboxing would be nice, but I for one really don't know if it's possible. It would take time just to try to detect/plug holes, and I'm not sure there wouldn't be showstoppers.
As to your eval example, you'd either have to have no Ruby objects reachable from the untrusted JS, or, perhaps, make sure they were very restricted à la blank_slate. So restricted, in fact, I wonder if they'd be useful at all ...
Making no Ruby objects available via JS would mean no calling back from JS to Ruby, only the other way around ...