Who will save us?
JavaScript appears to have become far too clever for its own good while browsers seem to simply let it get away with whatever it seeks to do. In this day and age it shouldn't be possible to merely inject a script link into a web page and do what they have done.
I thought it better to not use the 'nuke it from space' icon given the current situation in the region.