HTML report breaks when inlined report.js contains </script>

[graffhyrum]

Problem

Playwright's HTML report breaks when assets are inlined into index.html.
The generated inline report.js bundle contains a literal </script> sequence.
Because the reporter injects the bundle directly into a <script type=\"module\"> block, the browser terminates the script early and renders the rest of the bundle as page text.

Expected

npx playwright show-report should render the HTML report UI normally.

Actual

The page at http://localhost:9323 displays raw JavaScript from the report bundle instead of the report UI.

Root Cause

In node_modules/playwright/lib/reporters/html.js, the HTML reporter inlines report.js with:

html = html.replace(/<script type=\"module\"[^>]*><\\/script>/, () => `<script type=\"module\">${js}</script>`);

The bundled report.js contains a literal </script> sequence from React DOM internals:

s.innerHTML="<script></script>"

That makes the inline HTML unsafe because the browser parser closes the script tag before the bundle finishes.

Repro

1. Run npx playwright test.
2. Run npx playwright show-report.
3. Open http://localhost:9323.
4. The page shows raw JS text instead of the report UI.

Workaround

Set PLAYWRIGHT_HTML_DO_NOT_INLINE_ASSETS=1 so the reporter keeps report.js external instead of embedding it into index.html.

Notes

The generated report data archive is valid.
The failure is specific to inline HTML script injection, not to the report JSON or attachments.

Recommended Fix

Escape the embedded JS before writing it into the HTML script tag, or stop inlining the JS bundle entirely when generating the report.

[pavelfeldman]

How do I reproduce this?

[graffhyrum]

How do I reproduce this?

It just started happening for me today after an update. I'll try to make a report /reprex for you by EOD tomorrow. Afaik I didn't change anything to my setup to cause it, but I'll report back once I know for sure

[graffhyrum]

Attached artifacts:

• Executable minimal repro + patch: https://gist.github.com/graffhyrum/d6e82162eff53d780eb5f422aa24e53b
• Upstream PR: Escape inline HTML report script sentinels #40139

Notes:

• The repro is intentionally trivial: expect(1).toBe(1) and no SUT.
• The isolated repro server rendered raw JS from the inlined HTML report bundle.

[pavelfeldman]

None of your links in the repro are opening.

[graffhyrum]

I dug into this more deliberately this morning. Best as I can tell, something in my setup had failed to properly update when switching to 1.59.1. I couldn't reproduce with a clean-room reprex, and the html escape appears to be fixed after hard-purging every node_modules in my system. Closing this for now, if I manage to repro again, I'll reopen. Sorry for the noise.