Yes, here you'll run into a tricky one. The problem is that the content declaration of the
script element type is different in HTML and XHTML. In HTML it's declared as
CDATA, while XHTML declares it as
(#PCDATA). There's a big difference in how characters like '<' and '&' are handled.
Now, if you are using real XHTML this won't be a problem. Just escape all instances of '<' and '&' with '<' and '&'. If you are using pretend-XHTML (served as HTML), then you're in a fix. You can't do the escape thing, because that won't work when the document is parsed as HTML – which it must be if you serve it as
Or you could replace the
.innerHTML (which may not be such a great idea with XHTML to begin with) with proper DOM functions, but that'll get you into another problem, since for XHTML you should use
document.createElementNS() etc, while HTML requires