Topic on Extension talk:FlaggedRevs

Can FlaggedRevs be used to tame $wgRawHtml ?

Adrelanos (talkcontribs)

When allowing raw HTML in a wiki ($wgRawHtml), the FlaggedRevs review interface unfortunately shows the changes to the reviewer, not only in textual form (the diff) but also as the actual rendered page.

Can this be disabled?

I am concerned that evil JavaScript could be used to steal the login cookie of an admin.

If admins could review just the textual diff before the rendered page is shown to anyone, then admins could simply decline the edit if someone added some JavaScript that they don't like, without running it in their browser first. Otherwise it's hard to prevent execution of JavaScript added by non-admin editors.

Nemo bis (talkcontribs)

$wgRawHtml must not be used in a wiki where untrusted users can edit, period.
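
An added example, not part of the thread and not MediaWiki or FlaggedRevs code: a heuristic check of a `LocalSettings.php` for the combination warned against above, `$wgRawHtml` enabled while an untrusted group can still edit. It assumes the `*` and `user` groups are the untrusted ones and that settings are plain literal assignments; the function name and sample configurations are constructed for illustration.

```python
import re

# MediaWiki's defaults let both anonymous ('*') and registered ('user')
# accounts edit unless LocalSettings.php switches the right off.
# Assumption of this example: those two groups are the untrusted ones.
UNTRUSTED_DEFAULTS = {"*": True, "user": True}

_COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
_RAWHTML = re.compile(r"\$wgRawHtml\s*=\s*(true|false|1|0)\s*;", re.I)
_EDIT = re.compile(
    r"\$wgGroupPermissions\s*\[\s*['\"]([^'\"]+)['\"]\s*\]"
    r"\s*\[\s*['\"]edit['\"]\s*\]\s*=\s*(true|false|1|0)\s*;", re.I)

def _on(token):
    return token.lower() in ("true", "1")

def audit(settings_text):
    """Heuristic regex scan of LocalSettings.php text (not a PHP parser)."""
    src = _COMMENT.sub("", settings_text)      # ignore commented-out lines
    raw_html = False                           # $wgRawHtml defaults to false
    for m in _RAWHTML.finditer(src):
        raw_html = _on(m.group(1))             # last assignment wins
    edit = dict(UNTRUSTED_DEFAULTS)
    for m in _EDIT.finditer(src):
        edit[m.group(1)] = _on(m.group(2))
    open_groups = sorted(g for g in UNTRUSTED_DEFAULTS if edit[g])
    return {"raw_html": raw_html, "open_edit_groups": open_groups,
            "violation": raw_html and bool(open_groups)}

# Constructed sample configurations.
ANON_ONLY_CLOSED = """
$wgRawHtml = true;
$wgGroupPermissions['*']['edit'] = false;
"""
LOCKED_DOWN = """
$wgRawHtml = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['sysop']['edit'] = true;
"""
COMMENTED_OUT = "# $wgRawHtml = true;\n"

if __name__ == "__main__":
    for name in ("ANON_ONLY_CLOSED", "LOCKED_DOWN", "COMMENTED_OUT"):
        print(name, audit(globals()[name]))
```

The first sample is still flagged: closing anonymous editing leaves the `user` group's default edit right in place, so any account that can register can still submit raw HTML.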
