Hacker News

An unknown person asks you to inject code in your browser.

Sorry folks, but this should be a red flag for all of you. I guess you all know enough about obfuscation to know that what you think the code does is not always what the code does.

"But it has upvotes!" For all you know, the script could upvote this post.



It's running in a sandboxed environment (the web browser). The worst-case scenario is it gaining access to my HN account, and I don't really care that much about it.

It's not going to install a bootsector virus on my machine, or ransomware-encrypt all the data on my NAS. So the risk of anything important happening is small, and the same risk as visiting any website on the internet.


Even when obfuscated, the code looked safe to me. (But I did wonder, and thankfully, HN has set httpOnly on the cookies.)


It is very short and quite easy to see that it is safe, even if you do not fully grok what is going to happen. If you don't, then by all means do not run it.



