On 21-08-2022 02:05, Aleix Conchillo Flaqué wrote:

According to the spec, embedding inline content in the <script> tag should conform to the language defined by the "type" attribute (defaults to javascript). So, I would expect you could put any string that conforms to JS.

"""
When used to include dynamic scripts, the scripts may either be embedded inline or may be imported from an external file using the src attribute. If the language is not that described by "text/javascript", then the type attribute must be present, as described below. Whatever language is used, the contents of the script element must conform with the requirements of that language's specification

I am proposing to use XHTML (which is XML), not HTML. HTML's special parsing quirks are irrelevant here.

It does, browsers (at least Chrome) don't interpret that correctly, since it's not valid JavaScript.

As <script> ... </script> is XML, the XML parser  (not the HTML parser, this is XHTML!) will decode the &lt; inside the <script>...</script>, the result _after decoding_ is valid JavaScript.  In XML, <script> is not special -- everything is parsed the same way in XML.