From 62ecdd28c2d9fff1b4db663d5a9c79484aee1d23 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 15:34:47 -0500
Subject: [PATCH 1/8]  fix: inject HTML before <script> if top-level

---
 packages/proxy/lib/http/util/rewriter.ts | 25 ++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/packages/proxy/lib/http/util/rewriter.ts b/packages/proxy/lib/http/util/rewriter.ts
index de4d286a771..6dadddc0c7d 100644
--- a/packages/proxy/lib/http/util/rewriter.ts
+++ b/packages/proxy/lib/http/util/rewriter.ts
@@ -23,6 +23,7 @@ export type InjectionOpts = {
 }
 
 const doctypeRe = /<\!doctype.*?>/i
+const scriptRe = /<script.*?>/i
 const headRe = /<head(?!er).*?>/i
 const bodyRe = /<body.*?>/i
 const htmlRe = /<html.*?>/i
@@ -78,6 +79,25 @@ const insertAfter = (originalString, match, stringToInsert) => {
   return `${originalString.slice(0, index)} ${stringToInsert}${originalString.slice(index)}`
 }
 
+const isScriptTopLevel = (scriptMatch, headMatch) => {
+  if (!scriptMatch) {
+    return false
+  }
+
+  if (!headMatch) {
+    return true
+  }
+
+  const scriptIndex = scriptMatch.index
+  const headIndex = headMatch.index
+
+  if (scriptIndex === undefined || headIndex === undefined) {
+    return false
+  }
+
+  return scriptIndex < headIndex
+}
+
 export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
   const htmlToInject = await Promise.resolve(getHtmlToInject(opts))
 
@@ -93,8 +113,13 @@ export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
 
   // TODO: move this into regex-rewriting and have ast-rewriting handle this in its own way
 
+  const scriptMatch = html.match(scriptRe)
   const headMatch = html.match(headRe)
 
+  if (isScriptTopLevel(scriptMatch, headMatch)) {
+    return insertBefore(html, scriptMatch, htmlToInject)
+  }
+
   if (headMatch) {
     return insertAfter(html, headMatch, htmlToInject)
   }

From a4050850711a4767f7d4b5141fa95ed23f015c32 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 15:57:22 -0500
Subject: [PATCH 2/8] use htmlMatch over headMatch

---
 packages/proxy/lib/http/util/rewriter.ts | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/packages/proxy/lib/http/util/rewriter.ts b/packages/proxy/lib/http/util/rewriter.ts
index 6dadddc0c7d..31ef78b353a 100644
--- a/packages/proxy/lib/http/util/rewriter.ts
+++ b/packages/proxy/lib/http/util/rewriter.ts
@@ -79,23 +79,23 @@ const insertAfter = (originalString, match, stringToInsert) => {
   return `${originalString.slice(0, index)} ${stringToInsert}${originalString.slice(index)}`
 }
 
-const isScriptTopLevel = (scriptMatch, headMatch) => {
+const isScriptTopLevel = (scriptMatch, htmlMatch) => {
   if (!scriptMatch) {
     return false
   }
 
-  if (!headMatch) {
+  if (!htmlMatch) {
     return true
   }
 
   const scriptIndex = scriptMatch.index
-  const headIndex = headMatch.index
+  const htmlIndex = htmlMatch.index
 
-  if (scriptIndex === undefined || headIndex === undefined) {
+  if (scriptIndex === undefined || htmlIndex === undefined) {
     return false
   }
 
-  return scriptIndex < headIndex
+  return scriptIndex < htmlIndex
 }
 
 export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
@@ -114,12 +114,14 @@ export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
   // TODO: move this into regex-rewriting and have ast-rewriting handle this in its own way
 
   const scriptMatch = html.match(scriptRe)
-  const headMatch = html.match(headRe)
+  const htmlMatch = html.match(htmlRe)
 
-  if (isScriptTopLevel(scriptMatch, headMatch)) {
+  if (isScriptTopLevel(scriptMatch, htmlMatch)) {
     return insertBefore(html, scriptMatch, htmlToInject)
   }
 
+  const headMatch = html.match(headRe)
+
   if (headMatch) {
     return insertAfter(html, headMatch, htmlToInject)
   }
@@ -130,8 +132,6 @@ export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
     return insertBefore(html, bodyMatch, `<head> ${htmlToInject} </head>`)
   }
 
-  const htmlMatch = html.match(htmlRe)
-
   if (htmlMatch) {
     return insertAfter(html, htmlMatch, `<head> ${htmlToInject} </head>`)
   }

From 78d70449ddc1fc8104a98e83ef7eb051b9e4dcf4 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 16:01:22 -0500
Subject: [PATCH 3/8] Update CHANGELOG.md

---
 cli/CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md
index 06aff74eac8..4688b044b7e 100644
--- a/cli/CHANGELOG.md
+++ b/cli/CHANGELOG.md
@@ -7,6 +7,10 @@ _Released 12/2/2025 (PENDING)_
 
 - Improved performance when viewing command snapshots in the Command Log. Element highlighting is now significantly faster, especially when highlighting multiple elements or complex pages. This is achieved by reducing redundant style calculations and batching DOM operations to minimize browser reflows. Addressed in [#32951](https://github.com/cypress-io/cypress/pull/32951).
 
+**Bugfixes:**
+
+- Fixed an issue where a <script> element before <html> was not injected properly. Addressed in [#32982](https://github.com/cypress-io/cypress/pull/32982).
+
 ## 15.7.0
 
 _Released 11/19/2025_

From 2872c1669af9a671c98b1db7760c47df00e5c163 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 17:05:55 -0500
Subject: [PATCH 4/8] Create rewriter.spec.ts

---
 .../test/unit/http/util/rewriter.spec.ts      | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 packages/proxy/test/unit/http/util/rewriter.spec.ts

diff --git a/packages/proxy/test/unit/http/util/rewriter.spec.ts b/packages/proxy/test/unit/http/util/rewriter.spec.ts
new file mode 100644
index 00000000000..57738317ef3
--- /dev/null
+++ b/packages/proxy/test/unit/http/util/rewriter.spec.ts
@@ -0,0 +1,44 @@
+import { describe, expect, it } from 'vitest'
+import _ from 'lodash'
+import { html } from '../../../../lib/http/util/rewriter'
+
+const injected = `<script>(() => { TEST })()</script>`
+
+describe('http/util/rewriter', () => {
+  describe('.top-level tests', () => {
+    it('just a script tag', async () => {
+      expect(await html('<script>Original HTML</script>', {} as any, injected))
+        .toEqual(`${injected} <script>Original HTML</script>`)
+    })
+
+    it('script tag before a html tag', async () => {
+      expect(await html('<script>Original Script</script><html>Test HTML</html>', {} as any, injected))
+        .toEqual(`${injected} <script>Original Script</script><html>Test HTML</html>`)
+    })
+
+    it('script tag after a html tag', async () => {
+      expect(await html('<html>Test HTML</html><script>Original Script</script>', {} as any, injected))
+        .toEqual(`<html> <head> ${injected} </head>Test HTML</html><script>Original Script</script>`)
+    })
+
+    it('script tag inside head tag with no body tag', async () => {
+      expect(await html('<html><head><script>Original Script</script></head></html>', {} as any, injected))
+        .toEqual(`<html><head> ${injected}<script>Original Script</script></head></html>`)
+    })
+
+    it('script tag inside head tag with a body tag', async () => {
+      expect(await html('<html><head><script>Original Script</script></head><body>Example Body</body></html>', {} as any, injected))
+        .toEqual(`<html><head> ${injected}<script>Original Script</script></head><body>Example Body</body></html>`)
+    })
+
+    it('script tag inside body tag with no head tag', async () => {
+      expect(await html('<html><body><script>Original Script</script></body></html>', {} as any, injected))
+        .toEqual(`<html><head> ${injected} </head> <body><script>Original Script</script></body></html>`)
+    })
+
+    it('script tag inside body tag with a head tag', async () => {
+      expect(await html('<html><head>Original Head</head><body><script>Original Script</script></body></html>', {} as any, injected))
+        .toEqual(`<html><head> ${injected}Original Head</head><body><script>Original Script</script></body></html>`)
+    })
+  })
+})

From 304fece11ba4570210774c3c7b4d0dab9501fcf6 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 17:32:24 -0500
Subject: [PATCH 5/8] hopefully fix lint

---
 .../proxy/test/unit/http/util/rewriter.spec.ts    | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/packages/proxy/test/unit/http/util/rewriter.spec.ts b/packages/proxy/test/unit/http/util/rewriter.spec.ts
index 57738317ef3..8860fca92f5 100644
--- a/packages/proxy/test/unit/http/util/rewriter.spec.ts
+++ b/packages/proxy/test/unit/http/util/rewriter.spec.ts
@@ -1,5 +1,4 @@
 import { describe, expect, it } from 'vitest'
-import _ from 'lodash'
 import { html } from '../../../../lib/http/util/rewriter'
 
 const injected = `<script>(() => { TEST })()</script>`
@@ -8,37 +7,37 @@ describe('http/util/rewriter', () => {
   describe('.top-level tests', () => {
     it('just a script tag', async () => {
       expect(await html('<script>Original HTML</script>', {} as any, injected))
-        .toEqual(`${injected} <script>Original HTML</script>`)
+      .toEqual(`${injected} <script>Original HTML</script>`)
     })
 
     it('script tag before a html tag', async () => {
       expect(await html('<script>Original Script</script><html>Test HTML</html>', {} as any, injected))
-        .toEqual(`${injected} <script>Original Script</script><html>Test HTML</html>`)
+      .toEqual(`${injected} <script>Original Script</script><html>Test HTML</html>`)
     })
 
     it('script tag after a html tag', async () => {
       expect(await html('<html>Test HTML</html><script>Original Script</script>', {} as any, injected))
-        .toEqual(`<html> <head> ${injected} </head>Test HTML</html><script>Original Script</script>`)
+      .toEqual(`<html> <head> ${injected} </head>Test HTML</html><script>Original Script</script>`)
     })
 
     it('script tag inside head tag with no body tag', async () => {
       expect(await html('<html><head><script>Original Script</script></head></html>', {} as any, injected))
-        .toEqual(`<html><head> ${injected}<script>Original Script</script></head></html>`)
+      .toEqual(`<html><head> ${injected}<script>Original Script</script></head></html>`)
     })
 
     it('script tag inside head tag with a body tag', async () => {
       expect(await html('<html><head><script>Original Script</script></head><body>Example Body</body></html>', {} as any, injected))
-        .toEqual(`<html><head> ${injected}<script>Original Script</script></head><body>Example Body</body></html>`)
+      .toEqual(`<html><head> ${injected}<script>Original Script</script></head><body>Example Body</body></html>`)
     })
 
     it('script tag inside body tag with no head tag', async () => {
       expect(await html('<html><body><script>Original Script</script></body></html>', {} as any, injected))
-        .toEqual(`<html><head> ${injected} </head> <body><script>Original Script</script></body></html>`)
+      .toEqual(`<html><head> ${injected} </head> <body><script>Original Script</script></body></html>`)
     })
 
     it('script tag inside body tag with a head tag', async () => {
       expect(await html('<html><head>Original Head</head><body><script>Original Script</script></body></html>', {} as any, injected))
-        .toEqual(`<html><head> ${injected}Original Head</head><body><script>Original Script</script></body></html>`)
+      .toEqual(`<html><head> ${injected}Original Head</head><body><script>Original Script</script></body></html>`)
     })
   })
 })

From 536ef85bb36323b701117c4ded8e43000722c266 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 17:38:59 -0500
Subject: [PATCH 6/8] Fix mocked

---
 packages/proxy/lib/http/util/rewriter.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/proxy/lib/http/util/rewriter.ts b/packages/proxy/lib/http/util/rewriter.ts
index 31ef78b353a..910e5dcd484 100644
--- a/packages/proxy/lib/http/util/rewriter.ts
+++ b/packages/proxy/lib/http/util/rewriter.ts
@@ -98,8 +98,8 @@ const isScriptTopLevel = (scriptMatch, htmlMatch) => {
   return scriptIndex < htmlIndex
 }
 
-export async function html (html: string, opts: SecurityOpts & InjectionOpts) {
-  const htmlToInject = await Promise.resolve(getHtmlToInject(opts))
+export async function html (html: string, opts: SecurityOpts & InjectionOpts, mockedHtmlToInject: string = "") {
+  const htmlToInject = mockedHtmlToInject || await Promise.resolve(getHtmlToInject(opts))
 
   // strip clickjacking and framebusting
   // from the HTML if we've been told to

From be98238ca93eb411343fa3e509fbe4ae427a0a6e Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 18:11:51 -0500
Subject: [PATCH 7/8] fix lint

---
 packages/proxy/lib/http/util/rewriter.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/proxy/lib/http/util/rewriter.ts b/packages/proxy/lib/http/util/rewriter.ts
index 910e5dcd484..15bca54e3d8 100644
--- a/packages/proxy/lib/http/util/rewriter.ts
+++ b/packages/proxy/lib/http/util/rewriter.ts
@@ -98,7 +98,7 @@ const isScriptTopLevel = (scriptMatch, htmlMatch) => {
   return scriptIndex < htmlIndex
 }
 
-export async function html (html: string, opts: SecurityOpts & InjectionOpts, mockedHtmlToInject: string = "") {
+export async function html (html: string, opts: SecurityOpts & InjectionOpts, mockedHtmlToInject: string = '') {
   const htmlToInject = mockedHtmlToInject || await Promise.resolve(getHtmlToInject(opts))
 
   // strip clickjacking and framebusting

From 51eee9443077bf883b05dd9319ac90bdc34e8356 Mon Sep 17 00:00:00 2001
From: Alex Schwartz <alexschwartz01@gmail.com>
Date: Thu, 20 Nov 2025 18:52:24 -0500
Subject: [PATCH 8/8] empty run semantic PR test