setAttribute() and XSS
I'm writing a script that needs to write the current page location to the DOM, and I'm concerned about XSS. Is the following Javascript snippet safe from XSS?
var script = document.createElement('script');
script.setAttribute('src', 'http://fake.com?src=' + encodeURIComponent(document.location.href));
document.getElementsByTagName('head')[0].appendChild(script);
I know that using document.write() to accomplish the same thing is not safe in various browsers, but I've not seen any source discussing if using the DOM access methods is.
There's no need to use "setAttribute":
script.src = 'http://fake.com?src=' + encodeURIComponent(document.location.href);
I don't see where an XSS vulnerability would sneak in here. The server code at "fake.com" has to be "hardened" against weird values of that "src" parameter, I suppose, but that's going to be true no matter what your Javascript looks like.
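The following is an added example, not code from the question or the answer above. It builds the script URL the same way the snippet does and then uses the WHATWG URL parser (available as the global URL class in Node and browsers) to check, from a defender's standpoint, that the page location ends up confined to the single "src" query parameter: the origin and path of fake.com are unchanged and the value round-trips intact. The sample locations are constructed; the host name fake.com comes from the question. A deliberately unencoded builder is included alongside so the check shows what goes wrong when encodeURIComponent is left out.

```javascript
// Added example (not from the original question or answer).

// Same construction as the question: the only untrusted input is the
// current page location, percent-encoded before concatenation.
function buildScriptUrl(href, base = 'http://fake.com') {
  return base + '?src=' + encodeURIComponent(href);
}

// The mistake being avoided: raw concatenation lets '&', '#', '?' etc. in
// the location act as URL syntax instead of data.
function buildScriptUrlUnencoded(href, base = 'http://fake.com') {
  return base + '?src=' + href;
}

// Defender's check: parse the built URL and confirm the untrusted value
// did not change origin or path, appears as exactly one parameter, and
// decodes back to the original location.
function locationIsConfined(href, builder = buildScriptUrl, base = 'http://fake.com') {
  const built = new URL(builder(href, base));
  const expected = new URL(base);
  const keys = [...built.searchParams.keys()];
  return (
    built.origin === expected.origin &&
    built.pathname === expected.pathname &&
    built.hash === '' &&
    keys.length === 1 &&
    built.searchParams.get('src') === href
  );
}

// Constructed sample locations, including characters that would be read as
// URL or HTML syntax if they were not encoded.
const SAMPLE_HREFS = [
  'https://example.test/page?a=1&b=2#frag',
  'https://example.test/path with spaces/"quoted"',
  "https://example.test/?q=<tag attr='x'>",
  'https://example.test/?next=http://other.test/?x=1',
];

// Runs the check over every sample with the given builder.
function checkAll(builder = buildScriptUrl) {
  return SAMPLE_HREFS.map(h => ({ href: h, confined: locationIsConfined(h, builder) }));
}

for (const r of checkAll(buildScriptUrl)) {
  console.log((r.confined ? 'encoded ok   ' : 'encoded FAIL ') + r.href);
}
for (const r of checkAll(buildScriptUrlUnencoded)) {
  console.log((r.confined ? 'raw ok       ' : 'raw FAIL     ') + r.href);
}
```

With encodeURIComponent every sample passes; the raw builder fails on the first sample because its '&' splits the value into a second parameter and its '#' becomes a fragment of the script URL. This covers the URL side of the question only: as the answer notes, whatever the server at fake.com does with the decoded "src" parameter (logging it, reflecting it into a page) still has to be handled safely there.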