I guess everyone knows, that using:

<script type= "text/javascript" > myMagicFunction ( "This & That" ); </script>

is pretty bad practice. The issue is, that the & should be escaped and read as & instead.

If you are reading this code with an Ajax-Request and it contains for instance unescaped & character, it will fail to load the xml properly and also fail executing the embedded javascript.

The workaround I see pretty often is the following (even suggested by w3schools:

<script type= "text/javascript" > <! [ CDATA [ myMagicFunction ( "This & That" ); ]] > </script>

a better way is of course:

<script type= "text/javascript" > // <![CDATA[ myMagicFunction ( "This & That" ); // ]]> </script>

because it does not break any backwards compatibility to browsers, who do not get the cdata tag when in non xml mode.

This solution has one big problem: This claims the inner content to be included at this point and be escaped automatically. And this valid html will be made visible to search engines.

Since I don't want anyone to count this comments as content for my website I am using the following solution for ages:

<script type= "text/javascript" > // <!-- myMagicFunction ( "This & That" ); // --> </script>

It works like a charm. If you are still using any of the previous solutions, please consider this solution as a replacement.