I backup, to my iMac, using iTunes, every week, for every mobile device using the USB / Lightning connector. If the malicious Java Script comes after the most recent backup, would this not have been fixed by restoring?
It would, but unnecessary in this instance. The issue was not actually on the iPad or iPhone but rather on a website. The solution is to get Safari off the website.