web: Make document.currentScript resilient against DOM clobbering

See
- whatwg/html#10687
- GHSA-4vvj-4cpr-p986

Author: evilpie

web/packages/core/src/current-script.ts

@@ -5,9 +5,7 @@ export let isExtension = false;
 
 try {
     if (
-        document.currentScript !== undefined &&
-        document.currentScript !== null &&
-        "src" in document.currentScript &&
+        document.currentScript instanceof HTMLScriptElement &&
         document.currentScript.src !== ""
     ) {
         let src = document.currentScript.src;
@@ -21,8 +19,8 @@ try {
         currentScriptURL = new URL(".", src);
         isExtension = currentScriptURL.protocol.includes("extension");
     }
-} catch (_e) {
-    console.warn("Unable to get currentScript URL");
+} catch (e) {
+    console.warn("Unable to get currentScript URL", e);
 }
 
 /**

web/packages/selfhosted/js/ruffle.js

@@ -7,9 +7,7 @@ let currentScriptURL = null;
 
 try {
     if (
-        document.currentScript !== undefined &&
-        document.currentScript !== null &&
-        "src" in document.currentScript &&
+        document.currentScript instanceof HTMLScriptElement &&
         document.currentScript.src !== ""
     ) {
         let src = document.currentScript.src;
@@ -22,9 +20,8 @@ try {
 
         currentScriptURL = new URL(".", src);
     }
-    // eslint-disable-next-line no-unused-vars
-} catch (_e) {
-    console.warn("Unable to get currentScript URL");
+} catch (e) {
+    console.warn("Unable to get currentScript URL", e);
 }
 
 function publicPath(config) {