What Javascript is not safe in a open-ended script?

Surely censoring the functionality is completely impossible, due to the dynamic nature of JS?<p>alert("blah")<p>can just as easily be made to be<p>window["alert"]("blah"), where the string 'alert' could be made by a very convoluted manner. Solving this would be akin to solving the halting problem, no?

window[['t', 'r', 'e', 'l', 'a'].reverse().join('')]("blah");