JavaScript is disabled through the Freenet proxy but it's possible to use the Freenet API to access the raw data and have a proxy that doesn't disable JavaScript. It would be possible to do something very ZeroNet like but with Freenet as the backend.
ZeroNet doesn't really use the torrent protocol. It has its own file sharing service that it runs to receive requests from other users for files. It uses the torrent trackers to map site addresses to IP or onion address.
You know what you're serving initially but the site author can add any files they choose and you'll start serving them if you've visited the site and are seeding it. You have no control over malicious sites that decide to store arbitrary data.
ZeroNet doesn't really use the torrent protocol. It has its own file sharing service that it runs to receive requests from other users for files. It uses the torrent trackers to map site addresses to IP or onion address.
You know what you're serving initially but the site author can add any files they choose and you'll start serving them if you've visited the site and are seeding it. You have no control over malicious sites that decide to store arbitrary data.