Stopping editors adding javascript to posts/pages

I have an issue with a site where it keeps getting hacked. I’ve put in various security plugins etc but it still getting hacked. One thing I noticed the hackers are doing is putting in some javascript at the end of page content. When you log in and view the page in the editor and switch to text view, after a bunch of blank lines sits some javascript that just looks like at array of numbers but is obviously malicious and not supposed to be there. So what I want to do to strengthen the site it stop anyone being allowed to write javasript in a post/page. I can’t find how to do this. Futhermore, if they added some JS via some kind of injection/trickery then perhaps auto remove it from post content.