<script> and <style> element content should not be escaped by HTML serializer

The XHTML serializer should probably continue to escape scripts and styles… however that means that output needs to be sent as application/xhtml+xml to make scripts containing <, > or & characters work.

See also Kid ticket #99.

Actually, this isn't about CDATA, but about escaping the contents of <script> and <style> elements.

Not sure whether trying to pass through CDATA sections as such makes sense.

Unfortunately, using "application/xhtml+xml" is currently incompatible with IE.

At the least the option of either not escaping inside script/style tags or including CDATA sections as-is (with the CDATA markers) would be nice.

Passing CDATA sections through doesn't work either when serving as text/html.

What would be needed is something like:

<script type="text/javascript">/*<![CDATA[*/
  var x = 1 < 2;

And that's ignoring pre HTML4 user agents (which would display the contents of the <script> or <style> elements in this case). That can be worked around (see http://www.hixie.ch/advocacy/xhtml), but I don't particularly care about those browsers myself.

It just occurred to me that if we passed CDATA sections through and properly serialized them, you could just do the above trick in your template.

The fix for HTML output (not escaping) was implemented in [181], the fix for XHTML output (passing through CDATA markers) was implemented in [184].

