Set correct mime type in jailed. Set correct types on script imports in bonfire/show. Open helmet up to potentially unsafe levels by allowing "* unsafe-inline" in scriptSrc.

public/js/lib/jailed/_frame.js

@@ -24,12 +24,19 @@ var blobCode = [
   ' });                                                    '
 ].join('\n');
 
-var blobUrl = window.URL.createObjectURL(
-    new Blob([blobCode])
-);
+var blobUrl;
+try {
+  blobUrl = new Blob([blobCode], {type: 'application/javascript'});
+} catch (e) {
+  window.BlobBuilder = window.BlobBuilder
+    || window.WebKitBlobBuilder
+    || window.MozBlobBuilder;
+  blobUrl = new BlobBuilder();
+  blobUrl.append(blobCode);
+  blobUrl = blobUrl.getBlob();
+}
 
-
-var worker = new Worker(blobUrl);
+var worker = new Worker(URL.createObjectURL(blobUrl));
 
 // telling worker to load _pluginWeb.js (see blob code above)
 worker.postMessage({