The next step of this cat and mouse game would be for the Javascript interpreter to detect intentionally obfuscated code and then give the user an option to stop executing the scripts on the page, just like how browsers do if it detects a script is taking too long to execute, with the default option being to stop it. This could be done heuristically from the JIT based on the CFG and the entropy of the symbol table.
