Allowing user to control code is explicitly unsafe operation. As you note the purpose of sanitization is pretty much to not let user slip in anything executable and/or with malicious intent.
To “sanitize” executable code you would need programmatic understanding of it (code parser) and criteria engine to distinguish what is safe and what is not. For such requirements it is utopian.
Natively WordPress lets admin use JavaScript in post content. Now and then people report it as “horrible security vulnerability”, but really it’s just binary matter of trust — either you trust some user to input executable code or you don’t. There is essentially no middle ground or “but not that code” in this case.