diff --git a/packages/binding.foreach/src/foreach.ts b/packages/binding.foreach/src/foreach.ts
index 72ef35ce..1552dd72 100644
--- a/packages/binding.foreach/src/foreach.ts
+++ b/packages/binding.foreach/src/foreach.ts
@@ -5,7 +5,15 @@
 // Employing sound techniques to make a faster Knockout foreach binding.
 // --------
 
-import { arrayForEach, cleanNode, options, virtualElements, domData, domNodeIsContainedBy } from '@tko/utils'
+import {
+  arrayForEach,
+  cleanNode,
+  options,
+  virtualElements,
+  domData,
+  domNodeIsContainedBy,
+  validateHTMLInput
+} from '@tko/utils'
 
 import { isObservable, unwrap, observable } from '@tko/observable'
 
@@ -57,7 +65,7 @@ function makeTemplateNode(sourceNode) {
     parentNode = sourceNode.content
   } else if (sourceNode.tagName === 'SCRIPT') {
     parentNode = document.createElement('div')
-    parentNode.innerHTML = sourceNode.text
+    parentNode.innerHTML = validateHTMLInput(sourceNode.text)
   } else {
     // Anything else e.g. <div>
     parentNode = sourceNode
diff --git a/packages/utils/src/dom/html.ts b/packages/utils/src/dom/html.ts
index 761c3403..7f3636d8 100644
--- a/packages/utils/src/dom/html.ts
+++ b/packages/utils/src/dom/html.ts
@@ -68,7 +68,7 @@ export function parseHtmlFragment(html: string, documentContext?: Document): Nod
 }
 
 const scriptTagPattern = /<script\b[^>]*>([\s\S]*?)<\/script[^>]*>/i
-function validateHTMLInput(html: string): string {
+export function validateHTMLInput(html: string): string {
   if (!html) return ''
 
   if (options.templateSizeLimit > 0 && html.length > options.templateSizeLimit) {