The PR rights for adding an "always used" Skinx extension (be it SSX or JSX) is currently checked against the content of the document, instead of being checked against the metadata author. It means that any document with a content edited by a user with PR rights can be edited by a standard user to add a JSX that will be executed everywhere in the wiki.
- Create a document with Admin user (who has PR rights)
- Login with a user with edit rights (no need for script rights)
- Log out and navigate
- the console log should not be output since the user doesn't have PR rights
- the console log is displayed everywhere