Ideally any exploit code should be an image to prevent any possible alert by avast!
Even in a code tag, whilst it doesn’t parse the code on the page, it doesn’t stop the web shield when it scans the page code it isn’t parsing it just looking for exploits, etc. So if this was something detected by the web shield then it would effectively be locking us out of the topic.
You can use this image to replace the code tag.
Nothing to stop you sending this .js file to avast for analysis.