There are no hard and fast rules, it is just safety first really, especially when using examples of exploits, etc. You would be surprised how many times avast alerts on such exploit code in other sites/forums.

Short of sending the .js file/exploit code to avast, virus at avast dot com email address or from the chest.

If you are interested in personally stopping it in your regular browsing, I would say firefox with the NoScript and possibly RequestPolicy add-ons, should stop such exploits dead in their tracks if avast didn’t detect the exploit.