HTML 5's Tokenizer defines different states that can occur within a <script> tag . If the value "<!--" is inserted, the tokenizer will be at the "Script data escaped dash dash state". From here, one can insert "<script>" and be at the "Script data double escaped state". These states are respected by HTML 5 capable browser. If the state is changed without closing the state, a parse error ought to occur.
The escaper should be updated to Unicode escape PS, LS, "<", and ">" characters. This should prevent parse errors in most applications and potential security side effects in some applications (e.g. disabling of frame breaking JS).