The great advantage (or disadvantage; that depends on your point of view) of JavaScript is that you can see the code since JavaScript is (like the name already says) a script (=interpreted) language. So if you have the source, it is a usually not so difficult to understand what happens.
So now we want to look at the ways of getting the JavaScript-code.

1. Case: Script is simply embedded in the site [->example]
Usually it is enough to press the right mouse button and to click on "View source". But this can be blocked by JavaScript itself. For those cases it is possible to use Menu: View->View source. The problem here is that the site needs to be opened in an own browser-window. If you know the filename, this is no problem (just enter it in the address bar of your browser).
Tip: You can use Shift+Left-Click to force a link to open in a new window.
2. Case: Script-activities block the site [->example]
The most common example for this case is a JavaScript MessageBox that is shown immediately after you open the site. When closing the box, those password-protections often redirect you to a different page so that you have no possibility to view the source (otherwise just close the box and get the source like in the first case [->example]). In these cases the best way to get the source is to deactivate JavaScript itself:
If you reload the page now, JavaScript-Code isn't executed preventing the box from appearing. So you can get the source without problems.
3. Case: extern script-files [->example]
This can be combined with any of the other methods, since the JavaScript-code isn't in the site itself, but in an extern file which is included by the site.
Look at the source of the site and search for <script src="..."... Then you just need to view the file specified through src (enter it with the correct path in the addressbar of your browser).

So now we have the code; we can start to solve the challenge. Of course you have to now something about JavaScript. If anyone understands German, I can advise him SELFHTML, which is the best German reference about everything dealing with the internet I found. For the others: just search with Google, you will find many sites about JavaScript with examples, references and tutorials (if someone finds a really good one please tell me).
But now we will look at maybe the most simple JavaScript-password protection that exists:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<title>JavaScript password-protection</title>
<script type="text/javascript">
  function check() {
    if (input_user=="idiot") {
      window.location.href=input_user +".php";
    else {
      alert("You are dull!");
<body bgcolor="#D0D0D0" text="#FF9900">
  <form name="formular">
    Enter your username: <input type="text" name="user" maxlength="20" size="20">
    <input type="button" value="Check" onClick="check()">
Now let's look what's happening here.
First, you will see a form in the webpage with a text-input where you have to insert your username, and a "Check"-button. In this line:
<input type="button" value="Check" onClick="check()"> there is something important: the button executes a script when it is clicked (indicated through onClick="check()"). So you have to check what the function check() is doing.
First, it takes the username you entered in the edit into the variable input_user. If this variable equals "idiot", you are redirected to another webpage (window.location.href=input_user +".php";). Otherwise, you get a message box obviously telling you that you didn't enter the correct password.
So all in all it might be obvious, that "idiot" is the right password.

Whenever you come across a JavaScript-challenge, you first have to get the code of it (look at the top of this tutorial). Then analyze what it does and what should happen (like in the if above, it is obvious that you should get into this if because otherwise this message box appears). Well, and then you have to meet all conditions to get the script into this state.

We hope that this tutorial helped you a little bit starting with JavaScript-challenges.