For visitors that don't support JavaScript, I'm redirecting them to a certain page - "js.html".

For this, I have the following in all my files:

<noscript>
<meta http-equiv="Refresh" content="0;URL=js.html" />
</noscript>

Of course, this doesn't validate in XHTML as noscript must be placed in <body>. But when I place that code in the body of my document, I get another error, because meta tags can only be used in the <head> section, so I'm kind of stuck in an infinite loop here.

Is there a way to make this validate? It works fine in all browsers so it's not a big deal, I just would like to validate my app.

Here is what you could do:

Insert the meta into your head but with a refresh of let's say 2 seconds. And very next to that place a SCRIPT tag that removes that meta refresh. So any JS user will not be redirected:

<meta id="refresh" http-equiv="Refresh" content="10;URL=js.html" />
<script type="text/javascript">
    $('refresh').remove();
</script>

The browser might hav already "mentioned" the meta refresh. So you could just use JavaScript to write an opening and closing HTML comment (inlcude an opening script tag to close the script tag of the second document.write) around it:

<script type="text/javascript">
    document.write("<!-- ");
</script>
<meta http-equiv="Refresh" content="2;URL=js.html" />
<script type="text/javascript">
    document.write(' --><script type="text/javascript">');
</script>

I could successfully tested this one.

Just a hint on how I handle non-js users. I have a css class called "js" which I add to any element that should only be visible for javascript users. Through javascript I add a css file containing a rule for the class "js" that shows every element with the "js" class. All links (functions) are alo designed, that they can be used without javascript or in a new tab clicking a link while holding down CTRL.

I've tried all the suggestions I could find for this, including the answers to this question, but none worked. Kau-Boy's answer to this question didn't work for me (as it comments out both the meta tag and most of the second code script block, then js breaks on '); which it tries to interpret after the comment is closed i.e. this happens:

<script type="text/javascript">
    document.write("<!-- ");
</script>
<!-- <meta http-equiv="Refresh" content="2;URL=js.html" /><script type="text/javascript"> document.write(' -->
<script type="text/javascript">
    ');
</script>

I took inspiration though from what it did do, and put together the following which seems to work:

<script type="text/javascript">
    document.write('\x3Cscript type="text/javascript">/*'); 
</script>
<meta http-equiv="Refresh" content="0;URL=js.html" />
<script type="text/javascript">/**/</script>

Essentially, if javascript is enabled, we get 3 script elements, one of which is the meta tag tricked inside a javascript comment, so it doesn't redirect. If javascript is disabled, all it sees is two script elements which it ignores, and the unmolested meta element, so it redirects.

Note: if you serve up your page with application/xhtml+xml content type (which you probably should be doing, I suppose, if the document is xhtml), this will break js in the browser, since the write method will usually be disabled.

As you've discovered, this problem cannot be resolved in HTML4. In HTML5 currently, however, noscript is valid in head, so you could use HTML5 for validation purposes. (The HTML5 validator is much better than the HTML4 one anyway).

One caveat though: HTML5 has an outstanding issue (ISSUE-117) which calls for deprecation of noscript, so it's possible that by the time HTML5 reaches last call, noscript will no longer be valid in HTML5.