<p>Primary Local Administrator: <input name="adminID" type="text" maxlength="10" id="adminID" size="8" onblur="if( !_CF_hasValue(this, 'TEXT', false) && !_CF_checkrange(this.value,1.0,9.999999999E9, true) || !_CF_checkinteger(this.value, true) ){ _CF_onErrorAlert(new Array('BEMSID must be in the range 1-9999999999')); }" /></p>
[64] "&" is an invalid character reference in the value for the "onblur" attribute. This may be because the '&' character was not escaped as "&". To use a literal ampersand it must be encoded as "&" (even in URLs) because '&' is an escape character in HTML/XHTML.
Yes, that is the correct behavior. Because that JavaScript is in an HTML attribute value, the '&' characters should be specified using the '&' character reference.
Of course most browsers still work with the 'raw' ampersand characters because if a valid character reference isn't provided, the browser just treats it as a '&' character.