Ensure router only targets scripts for execution

[matthewp]

Changes

• Uses document.getElementsByTagName instead of document.scripts.
• HTML has a strange feature where elements with a name attribute get placed on the document object, so if you had for example <img name="scripts"> this would override document.scripts.
• This is a potential security vulnerability. Also we want to actually execute the scripts, so it's also a bug.

Testing

• Added a test via a DOM that interferes with scripts running. Existing script tests fail without the fix.

Docs

N/A, bug fix

[changeset-bot]

🦋 Changeset detected

Latest commit: 6dedef4

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[bluwy]

Is this change to fix the odd firefox e2e fail? I sent a PR to fix it #12188, but skipped for firefox instead since the tests isn't actually working and testing correctly. (I also updated the test). Maybe we can revert this part and merge that PR instead.

[matthewp]

archive.org is down due to a DDOS, was down all day yesterday, I spend a significant amount of time thinking the tests were really broken! https://archive.org/details/movies

I added the smallest mp4 I could create, I promise.

[bluwy]

I know you did, it's slightly smaller than mine, but dare I say mine has more pizzazz 😄

Anyways I don't mind if you want to merge with your fix. I'd still like to get mine in too after to fix the tests though as it wasn't really testing the video playback right (it wasn't ever started in the test so currentTime is always 0).

[bluwy]

Fix looks great. Have a question about the e2e test change