The problem of JavaScript is that it poses a security threat. If there is any email client that accepts it, then it's most likely a security vulnerability and should be fixed.
So, really, "don't even bother", because even if it works, it'll soon stop working.
EDIT: Some people don't seem to understand why it is a security risk, so I'll explain.
Consider the following code(one of the multiple ways to steal passwords using Javascript and unsafe email clients).
Using JavaScript:
- Create a form with "username" and "password" input fields.
- Let the browser automatically remember the content of these fields(several users store username and password in the browser's memory to avoid having to type and remember it every time.
- Once both fields are (automatically) filled, send their content to your website using something like
.
- Congratulations! You've stolen a password!
Usually, just creating a form using JavaScript in your own unsafe website isn't harmful by itself because the browser is smart enough to tell gmail data only to gmail(and you usually don't try to steal passwords from your own website, and in that case there'd be easier ways to steal them anyway).
However, if you allowed JavaScript in emails, then the browser wouldn't be capable of separating legitimate JavaScript from insecure code.
Cookie theft is also possible if an email client can't filter JavaScript.