encorporate url encoding issue fix from ddba232a31

proxychain/responsemodifers/rewrite_http_resource_urls.go

@@ -37,21 +37,20 @@ func init() {
 		"pluginspage": true,
 	}
 
-
 	// define URIs to NOT rewrite
 	// for example: don't overwrite <img src="data:image/png;base64;iVBORw...">"
-	schemeBlacklist = map[string]bool {
+	schemeBlacklist = map[string]bool{
-		"data": true,
+		"data":       true,
-		"tel": true,
+		"tel":        true,
-		"mailto": true,
+		"mailto":     true,
-		"file": true,
+		"file":       true,
-		"blob": true,
+		"blob":       true,
 		"javascript": true,
-		"about": true,
+		"about":      true,
-		"magnet": true,
+		"magnet":     true,
-		"ws": true,
+		"ws":         true,
-		"wss": true,
+		"wss":        true,
-		"ftp": true,
+		"ftp":        true,
 	}
 }
 
@@ -63,6 +62,8 @@ type HTMLResourceURLRewriter struct {
 	tokenizer             *html.Tokenizer
 	currentToken          html.Token
 	tokenBuffer           *bytes.Buffer
+	scriptContentBuffer   *bytes.Buffer
+	insideScript          bool
 	currentTokenIndex     int
 	currentTokenProcessed bool
 	proxyURL              string // ladder URL, not proxied site URL
@@ -72,12 +73,14 @@ type HTMLResourceURLRewriter struct {
 // It initializes the tokenizer with the provided source and sets the proxy URL.
 func NewHTMLResourceURLRewriter(src io.ReadCloser, baseURL *url.URL, proxyURL string) *HTMLResourceURLRewriter {
 	return &HTMLResourceURLRewriter{
-		tokenizer:         html.NewTokenizer(src),
+		tokenizer:           html.NewTokenizer(src),
-		currentToken:      html.Token{},
+		currentToken:        html.Token{},
-		currentTokenIndex: 0,
+		currentTokenIndex:   0,
-		tokenBuffer:       new(bytes.Buffer),
+		tokenBuffer:         new(bytes.Buffer),
-		baseURL:           baseURL,
+		scriptContentBuffer: new(bytes.Buffer),
-		proxyURL:          proxyURL,
+		insideScript:        false,
+		baseURL:             baseURL,
+		proxyURL:            proxyURL,
 	}
 }
 
@@ -116,7 +119,29 @@ func (r *HTMLResourceURLRewriter) Read(p []byte) (int, error) {
 		}
 
 		r.tokenBuffer.Reset()
-		r.tokenBuffer.WriteString(r.currentToken.String())
+
+		// unescape script contents, not sure why tokenizer will escape things
+		switch tokenType {
+		case html.StartTagToken:
+			if r.currentToken.Data == "script" {
+				r.insideScript = true
+				r.scriptContentBuffer.Reset() // Reset buffer for new script contents
+			}
+			r.tokenBuffer.WriteString(r.currentToken.String()) // Write the start tag
+		case html.EndTagToken:
+			if r.currentToken.Data == "script" {
+				r.insideScript = false
+				modScript := modifyInlineScript(r.scriptContentBuffer)
+				r.tokenBuffer.WriteString(modScript)
+			}
+			r.tokenBuffer.WriteString(r.currentToken.String())
+		default:
+			if r.insideScript {
+				r.scriptContentBuffer.WriteString(r.currentToken.String())
+			} else {
+				r.tokenBuffer.WriteString(r.currentToken.String())
+			}
+		}
 
 		// inject <script> right after <head>
 		isHeadToken := (r.currentToken.Type == html.StartTagToken || r.currentToken.Type == html.SelfClosingTagToken) && r.currentToken.Data == "head"
@@ -147,6 +172,11 @@ func injectScript(tokenBuffer *bytes.Buffer, script string) {
 	)
 }
 
+// possible ad-blocking / bypassing opportunity here
+func modifyInlineScript(scriptContentBuffer *bytes.Buffer) string {
+	return html.UnescapeString(scriptContentBuffer.String())
+}
+
 // Root-relative URLs: These are relative to the root path and start with a "/".
 func handleRootRelativePath(attr *html.Attribute, baseURL *url.URL) {
 	// doublecheck this is a valid relative URL

proxychain/responsemodifers/rewrite_js_resource_urls.js

@@ -18,6 +18,8 @@
    function rewriteURL(url) {
         const oldUrl = url 
         if (!url) return url
+        let isStr = (typeof url.startsWith === 'function')
+        if (!isStr) return url
         // don't rewrite invalid URIs
         try { new URL(url) } catch { return url }