This Facebook spam works on the same method, Script copy paste to the addressbar. I wonder why people still do the same thing even after so may alerts and warnings.
Another spam is about profile viewers which is an old one but that still works
Please make sure the following things
Do not copy paste any scripts to browser addressbar
If you got a suspicious link (or an external link), open it in a different browser where you have not logged in to facebook.
Do not allow unwanted Facebook applications to access your Facebook details
You can check the applications you gave permission on your account by
1. Go to Privacy Settings
2. Go to Apps and Website Edit settings
3. Edit Settings
4. Click Edit Settings or Remove the app
5. Remove the entire app or a specific feature of it
BitDefender safego is a very good application which will scan your links and warn about malicious links. I just used it as an example to show the features. You can see the Application here. Also you can see a screenshot of the BitDefender Safego below
So please be careful when you access links and applications.