Many of us rely on antivirus software today. But can we always trust those alerts we get? Let's see. If you try to encode your javascript, your visitors may be alerted about trojan JS.Wonka (also known as JS_DLOADER.K, Trojan-Downloader.JS.Inor.a (Kaspersky), Troj/Phel-B (Sophos), JScript/ProfPack!PWS!Downloader, JS/SillyDownloader.AI (F-Prot), Troj/Viperjs-A (Sophos)). What makes the AV software think it is not a script but trojan? In fact, it is just a "generic check". The Virus Information Center says:

===cut===
JS.Wonka is a generic detection of web pages or e-mail messages that contain a certain functionality for encrypting scripts that may have malicious intent. This does not necessarily mean that a virus has been found. It merely means that HTML code was found which attempts to activate additional executable code without the user's express permission. Note: this detection may be triggered by merely visiting a web page that contains malicious code. It does not necessarily mean your machine has been compromised.
===cut===

What does it mean for the webmaster - another headache. Say your decoding function is "escaped" and you put unescape(...) on your page. Now if the unescaped code contains "document.some-operation" - you are in trouble. Just because generic check assumes this code can be malicious.

This site may use encoded scripts (as many sites do to avoid leeching). Though they are harmless and easy to decode, there is no guarantee that some particular AV software will not give some false alarms. If you get some strange alerts, please let me know.