<div script="false"> ...
YES, you can :-) The answer is: Content Security Policy (CSP).
<div>). Although there could be a workaround by dynamically including the div from an external file with a different security policy, but I'm not sure about that.
Here is a nice tutorial with example: HTML5Rocks Tutorial
If you can configure the server to send this HTTP-Header flag the world will be a better place!