I took some time this morning to extend the JavaScript parser; I also added a CSS parser.
The parsers can detect some basic comment-based obfuscation. The JavaScript parser is also run on the contents of the CSS expression and url functions.
Now, I only have to parse the onbody, onmouseover etc. to get the JavaScript in these tags (same thing with the style tag for CSS); it should be done easily.

The following lines should be detected:

  • JS in CSS: background: expression(foo("script.ext"));
  • CSS: background: url(http://bad.com/script.jpg)
  • CSS: <style>@imp/* This is a nested comment */ort('css-parser-nested-comment.css')</style>

  • JavaScript: foo(){var script="script.ext";var params="?kikoo=plop";async(script+params);}
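
A sketch of how the CSS cases listed above can be detected, as an added example that is not Grabber's own code: it flags a comment that splits a token, then pulls @import targets, url() references and expression() bodies out of the comment-free text. The names scan_css and extract_expressions are hypothetical, and the token-split check is a heuristic.

```python
import re

# Illustrative sketch, not Grabber's code; all names here are hypothetical.
COMMENT = re.compile(r"/\*.*?\*/", re.S)
# A comment with identifier characters on both sides splits a token,
# e.g. @imp/* ... */ort becomes @import once comments are removed.
SPLIT_TOKEN = re.compile(r"[\w@-]/\*.*?\*/[\w-]", re.S)
URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
IMPORT = re.compile(r"@import\s*(?:url)?\(?\s*['\"]([^'\"]+)['\"]", re.I)

def extract_expressions(css):
    """Return the balanced-parenthesis body of each expression(...) call."""
    bodies = []
    for m in re.finditer(r"expression\(", css, re.I):
        depth, i = 1, m.end()
        while i < len(css) and depth:
            depth += {"(": 1, ")": -1}.get(css[i], 0)
            i += 1
        if depth == 0:  # skip unterminated calls
            bodies.append(css[m.end():i - 1])
    return bodies

def scan_css(css):
    """Flag comment-split tokens, then extract references from comment-free CSS."""
    clean = COMMENT.sub("", css)
    return {
        "comment_obfuscation": bool(SPLIT_TOKEN.search(css)),
        "imports": IMPORT.findall(clean),
        "urls": URL.findall(clean),
        "js_expressions": extract_expressions(clean),  # input for a JS parser
    }

# The three CSS lines listed above.
SAMPLES = [
    'background: expression(foo("script.ext"));',
    "background: url(http://bad.com/script.jpg)",
    "@imp/* This is a nested comment */ort('css-parser-nested-comment.css')",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(scan_css(line))
```

The expression() bodies are returned as plain strings so they can be handed to a JavaScript parser; parentheses inside quoted strings are not handled by this sketch.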



The new Spider with the parser will be added in the next Grabber release.
I also have to say that I'm very proud that Simon Roses Femerling chose to include the JavaScript/CSS parser from Grabber in the OWASP Pantera project :) !