I have been toying with an idea now (since last night). Traditionally, it has not been possible to hide JavaScript on a web page. Either, the script is embedded between <script> tags, or it is linked in a link tag. But the bottom line is, if you can find it on the page, you can load it in your browser (or save it to disk).

This means anybody can take your code.

Ajax helps with this, as now I can put my application-level code on the server where it belongs, and minimize JavaScript on the client side. But what if there was some tricky bit of JavaScript code that I thought was so cool that I wanted to be selfish and keep it to myself? Well, I would want to hide it, then!

I am sure there are some clever people out there who could STILL snag my code using the method I am playing with, but at least this idea would give them a good challenge.

There is a nifty little function called XMLHttpRequest() that you can use to make asynchronous calls to the server from an active web page. This is at the heart of Ajax. If you don't know what Ajax is, don't worry - it's nothing really new. It's just a new marketing term for older (and newer) technology together that is helping close the gap between familiar desktop application interfaces and interactive web functionality. It basically includes javascript, CSS, X/HTML, XML/XSL, etc. It is kind of the next generation DHTML...but using revitalized javascript, etc. It is only now that this is becoming possible, since browsers are creeping ever closer to suggested standards. It's 20th century technology coming to life...not a century too soon.

Want an example of Ajax in action? Visit Google Suggest.

Since JavaScript files can be rather large, depending on how much client-side functionality you have (or want), this can add significant download time to web pages...besides the ability to look at the HTML and see what javascript files are being loaded.

My idea is to use XMLHttpRequest() to load in javascript on an as-needed basis, or to simply provide a means of hiding the javascript code. Using PHP in the back end, I can utilize security tests to deliver the javascript code only if it is being requested from a web page on my domain. That way, even if you know the correct PHP call, you can't just type in the URL and get my javascript, or make a web page of your own to load and display my javascript.

MWA HA HA HA HA HA HAAAAAA!!!!

The only problem with this idea is, I haven't been able to get it to work!

WAAAAA!!!

It loads in the javascript just fine, but for some reason, I can't seem to be able to call any of its functions. I don't know enough about how the browsers work, etc., yet to know if a post-page-load method of importing JavaScript like this is putting it into another kind of name space or area of memory or is simply being seen only as text...or what the deal it. But, like everything else about JavaScript and front-end engineering, it is irritating as hell.

But I'm going to figure it out! I just wanted to post the idea here in case I am the first, since I have seen no other reference to this idea. But if I have things my way, I'll make it work!

UPDATE:
Well, that didn't take me very long. I found a solution, and apparently I was not the first to think of it. I kind of figured as much, as late as I am coming into this game. But I got the basic idea working! Unfortunately, you can't see it, since it is on my internal network, but you may one day soon see the results of my efforts online somewhere. Maybe I'll even post some details about the whole mechanism in this blog if there is any interest.