Allow Javascript - Protect from XSS? (unique scenario)

I am in the process of building an application (more specific CMS) that allows users to add Javascript to their content. There isn't really a possibility for Javascript, and because of this, some security concerns are now becoming quite obvious. We are mainly concerned about the theft of cookies.

To explain the system a little more, a CMS allows one user to have access to multiple sites. A user can invite another user to edit their site. Someone accessing the site will then do the JS add.

Here's the scenario we're trying to work around:

• The malicious user "Angry Bob" writes Javascript to read cookies and send them via email.
• Angry Bob invites me to edit their site
• I am browsing the site and my cookies are being sent to Evil Bob.
• Evil Bob now has access to my cookies and can edit any sites that I have access to.

We've added some protection against cookie theft, which makes it difficult to spoof cookies. If you want to use a stolen cookie, you will also have to spoof all the headers to match the names of the victim.

We had some ideas for fixes, like putting each site on a separate subdomain and requiring a separate login for each account. Perhaps this is the best solution.

Any other recommendations?