Hack my friend's website! From what she tells me, it's super secure. Why don't we prove her wrong :)
Don't try to figure out what the messy JavaScript code means. Developer tools help a lot in things like this.
Since secret is a global variable, you can just open the developer console and print the variable.
Alternatively, you could just look at the contents of _0xa107, which decodes to the flag.
easyctf{developer_console_is_your_friend}