and of course with a small amount of analysis you can remove the obfuscation. Then you can format the code nicely to make it easier to read.
The best that can be done is to use short variable names that are not obvious so as to make what the script is doing slightly less obvious.
Or if you have any doubts simply add your own script to the page that prevents that one from running.
A very long discussion to this topic…
I am not using the JavaScript for security but there are ajax request send through JavaScript for changing passwords and other details…
So if user deactivates the JavaScript here then is it means he cant have access to tht functions/?
Correct
You can hear more about it at this video starting at 3:40-ish. It really is a fascinating explanation of how it works.
Listen to http request. You mean catching data at the terminal like the NSA did. I don’t know how to do that, but there’s way to hide data from JavaScript debugger. Yes, you can snatch that script but why don’t make it a bit more complex by injecting only parts here and there and mixed them together like in gmail. It’s javascript on the server, you don’t need http request, you can listen to the event from there and serve the script on demand. But this has performance drawback.