[Foundation-l] Malicious user javascript

[kelvSYC]

> Even if we tried to place restrictions on user JavaScript or  
> disable it
> entirely, there is no way to protect against that distinct from  
> general
> restrictions on submissions from some user. The malicious user could
> trivially substitute JavaScript that comes from their local machine or
> another source, a modifying proxy to insert it, or use a different
> client-side tool to perform equivalent processing.
>

It's too bad we can't prevent massive damage that may result from  
this.  Oh well...