
What do you mean "has been" stopped? There's no definitively stopping this without HTTPS, which I'm pretty sure hasn't magically "happened" in China in the last couple days.

The GFW may have ceased its attack, but there's no check you can possibly add into an asset delivered over HTTP which can't be undone by the GFW.

As long as there's a script being delivered over HTTP, the GFW can intercept that script request and replace it with a script of its own.



I mean the JavaScript hijacking has been stopped. This DDoS mixes several methods, and during the JS hijacking period, GitHub returned `alert()` on specific URLs to block browsers from sending AJAX requests. For now, the infected URLs are back to normal.


There don't even have to be scripts being served -- as long as HTML is being served over HTTP they can inject their own scripts.



