Properly escape JSON for usage as an object literal inside of a <script> tag. Use htmlescape in place of JSON.stringify. For more info see JSON: The JavaScript subset that isn't.

var htmlescape = require('htmlescape');
htmlescape({prop:'value'});
//=> '{"prop":"value"}'

Or in your templates:

<script>
var payload = <%= htmlescape(payload) %>;
</script>