Since this is script based, e.g. using the HTML script tag, that should get scanned by the web shield and to date the web shield has been extremely good at this kind of obfuscated script detection.
That however is not official as I'm just an avast user like yourselves.
Personally I would be giving IE a wide berth (certainly until any 0-day exploit was resolved) and using firefox and NoScript as my default browser.