Neil Harris wrote:
This appears to be increasingly common in recent
weeks. We should
probably stop recently-created accounts from using user Javascript, in
the same way that was done with page moves for the Willy on Wheels
page-move vandalism outbreak.
Alternatively, it may be possible to make these kinds of attacks
significantly more difficult, by, for example, blacklisting the use of
certain functions in user JS?
What sort of attacks are you talking about? People cannot (or shouldn't
be able to) execute JavaScript on anyone else's computer, only their own.