<script> and <style> element content should not be escaped by HTML serializer

[cmlenz]

The XHTML serializer should probably continue to escape scripts and styles… however that means that output needs to be sent as application/xhtml+xml to make scripts containing <, > or & characters work.

See also  Kid ticket #99.

[cmlenz]

Actually, this isn't about CDATA, but about escaping the contents of <script> and <style> elements.

Not sure whether trying to pass through CDATA sections as such makes sense.

[arnarbi at gmail]

Unfortunately, using "application/xhtml+xml" is currently incompatible with IE.

At the least the option of either not escaping inside script/style tags or including CDATA sections as-is (with the CDATA markers) would be nice.

[cmlenz]

Passing CDATA sections through doesn't work either when serving as text/html.

What would be needed is something like:

<script type="text/javascript">/*<![CDATA[*/
  var x = 1 < 2;
/*]]>*/</script>

And that's ignoring pre HTML4 user agents (which would display the contents of the <script> or <style> elements in this case). That can be worked around (see  http://www.hixie.ch/advocacy/xhtml), but I don't particularly care about those browsers myself.

[cmlenz]

It just occurred to me that if we passed CDATA sections through and properly serialized them, you could just do the above trick in your template.

[cmlenz]

The fix for HTML output (not escaping) was implemented in [181], the fix for XHTML output (passing through CDATA markers) was implemented in [184].