Neil Harris wrote:
This appears to be increasingly common in recent weeks. We should probably stop recently-created accounts from using user Javascript, in the same way that was done with page moves for the Willy on Wheels page-move vandalism outbreak.
Alternatively, it may be possible to make these kinds of attacks significantly more difficult, by, for example, blacklisting the use of certain functions in user JS?
What sort of attacks are you talking about? People cannot (or shouldn't be able to) execute JavaScript on anyone else's computer, only their own.