JavaScript isn't allowed to use document.write()
on XHTML pages.
Note the offending snippet:
<script type="text/javascript">
<!--
var unityObjectUrl = "http://webplayer.unity3d.com/download_webplayer-3.x/3.0/uo/UnityObject2.js";
if (document.location.protocol == 'https:')
unityObjectUrl = unityObjectUrl.replace("http://", "https://ssl-");
document.write('<script type="text\/javascript" src="' + unityObjectUrl + '"><\/script>');
-->
</script>
You may notice the script in question is performing a very simple operation. If you know your deployment, you can strip it and include the result plainly:
If deploying to HTTP website:
<script type="text/javascript" src="http://webplayer.unity3d.com/download_webplayer-3.x/3.0/uo/UnityObject2.js"></script>
If deploying to HTTPS website:
<script type="text/javascript" src="https://ssl-webplayer.unity3d.com/download_webplayer-3.x/3.0/uo/UnityObject2.js"></script>
If you're not sure, an ideal fix would be to edit the page's DOM, but a quick and dirty workaround is to edit a node's innerHTML
directly.