Fix CSS identifier fallback escaping in escapeCSSIdentifier function

[coderabbitai]

Problem

The escapeCSSIdentifier function in strot/browser/inject.js has incomplete fallback escaping that can produce invalid CSS selectors when CSS.escape is not available.

Current Issues

The manual fallback escaping is missing several critical cases:

• Control characters (0x0001-0x001F, 0x007F)
• Leading digits that need hex escaping
• Hyphen followed by digit patterns (-digit)
• NULL character handling

Expected Behavior

The function should use a standards-compliant CSS.escape polyfill when the native CSS.escape method is unavailable, ensuring all edge cases produce valid CSS identifiers.

Technical Details

Current problematic code:

return identifier
  .replace(/^([-0-9])/, "\$1") // escape leading digit or hyphen
  .replace(/\s+/g, "\\ ") // escape whitespace  
  .replace(/[\!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~]/g, "\\$&");

Should be replaced with a robust polyfill implementation that handles all CSS identifier edge cases.

References

• Identified in PR Refactor: Optimize Parent Container Detection #49: Refactor: Optimize Parent Container Detection #49
• Discussion: Refactor: Optimize Parent Container Detection #49 (comment)

Affected Files

• strot/browser/inject.js (lines ~95-99)