Index: src/applications/differential/controller/DifferentialRevisionViewController.php
===================================================================
--- src/applications/differential/controller/DifferentialRevisionViewController.php
+++ src/applications/differential/controller/DifferentialRevisionViewController.php
@@ -51,6 +51,7 @@
 $diff_vs = $request->getInt('vs');
 $target_id = $request->getInt('id');
+ phlog($target_id);
 $target = idx($diffs, $target_id, end($diffs));
 $target_manual = $target;
Index: src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php
===================================================================
--- src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php
+++ src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php
@@ -89,6 +89,8 @@
 $new = null;
 }
+ phlog($this->selectedVersusDiffID, $this->selectedDiffID);
+ if ($max_id != $id) {
 $uniq = celerity_generate_unique_node_id();
 $old_checked = ($this->selectedVersusDiffID == $id);
Index: src/infrastructure/celerity/CelerityStaticResourceResponse.php
===================================================================
--- src/infrastructure/celerity/CelerityStaticResourceResponse.php
+++ src/infrastructure/celerity/CelerityStaticResourceResponse.php
@@ -193,6 +193,9 @@
 throw new Exception(
 'Literal </script> is not allowed inside inline script.');
 }
+ if (strpos($data, '<!') !== false) {
+ throw new Exception('Literal <! is not allowed inside inline script.');
+ }
 return hsprintf(
 // We don't use <![CDATA[ ]]> because it is ignored by HTML parsers. We
 // would need to send the document with XHTML content type.
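Review bot: The `phlog($target_id);` line added after the `getInt('id')` read in DifferentialRevisionViewController.php looks like leftover debugging and should be removed before this lands. The same goes for `phlog($this->selectedVersusDiffID, $this->selectedDiffID);` in DifferentialRevisionUpdateHistoryView.php. Neither call is conditional, so every request that reaches these paths would add entries to the error log and make real errors harder to spot. Both enclosing methods start and end outside their hunks.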
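Review bot: The new `<!` check in CelerityStaticResourceResponse.php has no comment saying what it guards against, unlike the CDATA remark on the `hsprintf` call just below it. Presumably the concern is `<!--`, which changes how the HTML parser tokenizes the rest of the script element, so a later `</script>` can stop closing it as expected. A comment such as `// "<!--" alters HTML script parsing, so reject it for the same reason as "</script>".` would record that. Note that `<!` is broader than `<!--` and will also throw on valid JavaScript such as `a<!b`, which a minifier may emit; if that strictness is deliberate, the comment should say so. The enclosing function starts and ends outside the hunk.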