[BUG] Missing HTML Character Entity `&`

[hoangnhan2ka3]

Type

• [ ] Incorrect Class Name Extraction
• [ ] Incorrect JavaScript Obfuscation
• [x] Incorrect HTML Obfuscation
• [ ] Incorrect CSS Obfuscation
• [ ] Others

Checklist

1. [x] Updated the package to the latest version
2. [x] Read all documentation
3. [x] No related issue
4. [x] Meaningful issue title

Environment

• Package Version: v.2.2.12
• Node Version: v.20.10.0

Describe the bug HTML missed obfuscated (not happen with v2.2.10)

To Reproduce

1. Go to hoangnhan.uk
2. See the error: All page title (Latest, About, Projects,...) are not applied by the style [&_h1]:font-semiboldIN THE FIRST LOAD. But when you try to move to another page or then come back to the page u visited previous, then u will see that style applied
3. Choose a page u like, then reload (Ctrl + R), u see the error again.
4. Keep it and Inspect the title.

Expected behavior In v2.2.10 at hoangnhan.co.uk, it works perfectly

Screenshots ⛔

✅

Config

module.exports = {
    enable: true, // Enable or disable the plugin.
    mode: "random", // Obfuscate mode, "random" or "simplify".
    buildFolderPath: ".next", // Build folder of your project.
    classConversionJsonFolderPath: "./css-obfuscator", // The folder path to store the before obfuscate and after obfuscated classes conversion table.
    refreshClassConversionJson: process.env.NODE_ENV !== "production", // Refresh the class conversion JSON file.

    classLength: 6, // Length of the obfuscated class name.
    classPrefix: "n", // Prefix of the obfuscated class name.
    classSuffix: "", // Suffix of the obfuscated class name.

    classIgnore: [
        "no-transition",
        "transform",
        "resize",
        "2d",
        "ltr",
        "rtl",
        /progress*/,
        /fa-.*/,
        /__variable_.*/,
        /__className_.*/,
        /os-.*/,
    ], // The class names to be ignored during obfuscation.

    allowExtensions: [".jsx", ".tsx", ".js", ".ts", ".html", ".rsc"], // The file extensions to be processed.

    contentIgnoreRegexes: [/\.jsxs\)\("\w+"/g], // The regexes to match the file content to be ignored during obfuscation.

    whiteListedFolderPaths: [], // Only obfuscate files in these folders

    blackListedFolderPaths: [
               "./.next/cache",
               /\.next\/cache/,
               /\.next\/.*\/\w+-image.*/,
               /\.next\/.*\/edge-chunks/,
        ], // Don't obfuscate files in these folders

    enableMarkers: false, // Enable or disable the obfuscate marker classes.
    markers: ["obf"], // Classes that indicate component(s) need to obfuscate.
    removeMarkersAfterObfuscated: true, // Remove the obfuscation markers from HTML elements after obfuscation.

    removeOriginalCss: true, // Delete original CSS from CSS files if it has a obfuscated version.

    generatorSeed: "84817818898", // The seed for the random generator.

    //! Experimental feature (Alpha)
    enableJsAst: false, // Whether to obfuscate JS files using abstract syntax tree parser (Experimental feature)

    logLevel: "info", // Log level
};

Related files

Obfuscated version:

index.html.txt

Without:

index.html.txt

Demos (if any) N/A

Additional context

In output index.html:

[hoangnhan2ka3]

Btw, https://github.com/soranoo/next-css-obfuscator/issues/25 was fixed in v2.2.12 🚀

[hoangnhan2ka3]

It's not fixed. It seems that the bug only appears in the part I mentioned above, in other components there are similar arbitrary classes like [&_{foo}] but do not have the above error.

Not any behavior was changed in v2.2.13 compare with v2.2.12

[hoangnhan2ka3]

ah, no, I was wrong

hmm what happen...

[hoangnhan2ka3]

Since v2.2.12, do you change any logic? because it was working on v2.2.10 (no problem with &), and I'm using v2.2.10 for now.

[soranoo]

As you can see there is no new commit. I just finished the PoC.

[soranoo]

If there is any update, the related issue will be mentioned.

[hoangnhan2ka3]

Or maybe the change of https://github.com/soranoo/next-css-obfuscator/issues/25 lead to this issue? Cuz in v2.2.12 | 13 https://github.com/soranoo/next-css-obfuscator/issues/25 was solved

[hoangnhan2ka3]

But but, u say that u removed it huh?

[soranoo]

The reason why #25 seems "solved" is I hadn't commented out all the code related to the previous buggy update. Additionally, I found there is one more "thing" related to this issue. Therefore, I can't push any updates before fully understanding what's going wrong.

[hoangnhan2ka3]

The worst case scenario is because of the new obfuscation method 🥲 https://github.com/soranoo/next-css-obfuscator/commit/53ecb88985ed0ce6daf0357c2b35e157d3be2d25

But I don't see any conflict of the new method with the random one.

[hoangnhan2ka3]

I see many complex merge from https://github.com/soranoo/next-css-obfuscator/commit/374ba8c565f4ed8d784b87607a41f970bff6b271, did u check this? specially html.ts (and related). One more case but I think it's not, is that because of Vitest =)))

[hoangnhan2ka3]

Yeah! oh, but some not...

v2.2.14-beta.4

The core problem here is that the error just happens on reload, but if u move between pages, it's normal

Edit: I think it's not "some", nothing changed, I'm just so excited...

Edit 2: Oh but it works in v2.2.14-beta.2 wow

[hoangnhan2ka3]

Okay, I've checked v2.2.14-beta.5 and it's works