I dont have the necessary 10 reputation points to add a solution to this live question ( How do I hide javascript code in a webpage? ), but have a powerful answer to it none-the-less.
The functional file structure is as follows:
[1] a main .php+html page (i.e.your website) with an src script to an external .js file included.
[2] .js external script that can be obfuscated but it is not necessary, with a XMLHttpRequest() to an associated .php file.
[3] .php file that receives the .js XMLHttpRequest() and includes another .php file
[4] .php file that sends js code back as a plain text string back through the calling files until it is anonymously executed in the calling html+js script in main .php+html page.
Hideaway functionality is achieved by passing time-limited credentials ( a cookie) between .js and .php files, where they plain text script carrying the functional js is at every point hidden within the php.
At no time is sql involved, so access to any DB is precluded.
This is best illustrated by an example, where files association in this examples are as follows (all files located in the same directory on a domain):
[1] = jsHide.php
[2] = js.js
[3] = js.php
[4] = jsFunc.php .
See “Self-Answer” for the code (below).
In this example the “js function run()” in [2] is included in [1] on upload and is activated by a button there.
“run()” is a dummy js function, a shell that calls for the real js to be sent to it as a text string.
“run()” sets a cookie with random value between 0 and 1000, and with a lifespan of two seconds and then sends a “GET XMLHttpRequest()” to [3].
[3] checks the cookie and if all is OK then includes [4].
[4] checks that it is [3] calling it and then echo’s the js string to [3] which is then returned as this.responseText to “run()” which then anonymously executes the js code string by using: “var tmpFunc = new Function() and calling tmpFunc().”
The transient cookie expires before a user can directly open [3] or [4] to view the php output, but exists for long enough for the “GET XMLHttpRequest()” to recover the code string.