Javascript Obfuscator

For a Xojo web-project I need to implement quite some Javascript, partially generated by on the fly since it contains real time data.
It happens to be that this code also contains a token in order to make use of a third party service But . . . I don’t want this tokens to be seen by a curious end users taking a look into the sources. I’ve found “Javascript Obfuscator” which seems to allow me to scramble a token-calculation function.
I would like to know if anybody else is using “Obfuscator” to hash parts of scripting?

@Joost Rongen — AFAIK, you cannot really hide something completely in JS, just make it harder to analyze the code. However, is it worth it?
1. It should be nearly impossible to spy on your JS from another process, so it should be safe as long as your users are not allowed to access your application’s code/executable.
2. The token usually belongs to the end-user, so why should you keep them from knowing it? Sure they could do some stupid things with it but they would be responsible. Also, it could be considered “personal data” for the RGPD and EU citizens should be able to access their own personal data.

The token hes talking about is for his app to communicate with a 3rd party service, and wont be user specific. Google Maps is like this. [quote=445452:@StphaneMons] It should be nearly impossible to spy on your JS from another process, so it should be safe as long as your users are not allowed to access your application’s code/executable.[/quote]
But its not impossible for a user to open a browsers developer tools and just read the code. Additionally some browsers will attempt to un-obfuscate and uncompress JavaScript code.

Keep in mind that even if the function is scrambled, users can still execute the code if they can find it.

Does the 3rd party offer any restrictions on token usage? Perhaps being able to limit them to coming from a particular domain?

@Greg O’Lone — Well you are so much more knowledgeable than me that I won’t try to argue.

Oh and this is a compliment by the way :slight_smile:

Exactly.

Also true.

My script is real time generated by the Xojo web app since it has life data in it. It would be great if I had a function for real time obfuscation of the JS. Seems the algorithm scrambling JS is available, but that would take me a lot of time to implement it in Xojo, so I would encourage somebody else to do this. :slight_smile: