The 1st script injected by this test case employs window.alert() to raise a message. It should not present any problems in any DOM-capable browser. The difference between application/xhtml+xml and text/html should not make a difference. After starting the script, this case should show an empty red-bordered box, followed by an alert raised from within the injected script. After dismissing the alert, the box border should be blue.
Test javascript injection:
Watch out! This case may crash Internet Explorer 7 and perhaps other browsers, too. Use at own risk! The 2nd script employs document.write() to append information to current page, preferably into the boxed area below. This should fail in most current browsers if the content mime type is set to application/xhtml+xml. After starting the script, this case should fill the box below with text created by the injected script, but only when this page is delivered as text/html. When delivered as application/xhtml+xml, no content should be added. When the script has ended, the box border should turn blue.
Test javascript injection: