nonce so high,is this normal?
It's not normal, we received some attacks but we changed the reward rule (that was previously based on number of the nonce) and now it is based on the difficulty, so even if someone tries to find a block with an higher nonce the reward is based anyway on the difficulty.
Are you serious?
You provided a reference-implementation in javascript for the miner and talk about an "attack" if someone chooses different nonces in their miner? Thats ridiculous!
If this is unwanted behavior:
-publish a clear specification or
-don´t accept these nonces