Based on W3C Recommendation Document on XHTML 1.0 (Review Section: C.4. Embedded Style Sheets and Scripts), XHTML document don’t allow you to have any embedded stylesheet and/or script which using < or & or ]] or -- . We should use external stylesheet and/or script if we use any of those symbols, so XHTML parser could parse the XHTML document correctly.

However if we can not use external script and/or stylesheet because of some reason, the W3C provides instruction on how to wrap javascript functions to avoid misinterpretation by the XML processor.

The solution is simple, it only requires the script be wrapped within a cdata marked section. We can escape it using CDATA. (W3C Recommendation Document on XHTML 1.0 – Review section: 4.8 Script and Style elements).

For example:

<script type="text/javascript">
<![CDATA[
... unescaped script content ...
]]>
</script>

As a result, < and & will be treated as the start of markup, and entities such as < and & will be recognized as entity references by the XML processor to < and & respectively. And also if your XHTML documents validated with online W3C XHTML validator, it will also marked as valid.

As an addition, CDATA sections are recognized by the XML processor and appear as nodes in the Document Object Model. If you somehow need to add < or & character as an attribut value, you need to convert it to < or & respectively.

For example:

<script type="text/javascript" src="http://test.com/index.php?a=1&amp;b=2"></script>

Okay, that’s it. Hope this helps.