Using any JS obfuscator (example:https://obfuscator.io/), a user can hide malicious code that may be unreadable to a user. A user might enable JS Extensions and out of curiosity run the project.
Here is an example:
This might be something to look into as a security issue.
and you posted it on the forum ...
- you give someone ideas
- you give the recipe to get there
Yes, I agree with this. Maybe we should go so far as to change the message from "Error: JS Extensions are turned off," which suggests that the user made a mistake by not enabling JS, to "Do not enable JS in programs by users you don't know and trust."
Yeah, that might be better
Or just append the former onto the end of the latter.