HUD JS inject breaks site code

[oxdef]

Steps to reproduce:

1. Configure browser to use ZAP Proxy
2. Check HUD is enabled by option "Enable when using ZAP Desktop"
3. Run ZAP Desktop
4. Navigate to https://www.ozon.ru

Actual result: HUD script is injected into another one (and broke it)

<!doctype html>
<html data-n-head-ssr>
  <head>
    <script>!function(){if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetExecuted=!0;var t,n,e,o=document.createElement("iframe"),i=window;i.addEventListener?i.addEventListener("load",d,!1):i.attachEvent&&i.attachEvent("onload",d),o.src="javascript:void(0)",o.title="",o.role="presentation",(o.frameElement||o).style.cssText="width:0;height:0;border:0;display:none;",(e=document.getElementsByTagName("script")[0]).parentNode.insertBefore(o,e);try{n=o.contentWindow.document}catch(e){t=document.domain,o.src="javascript:var d=document.open();d.domain='"+t+"';void(0);",n=o.contentWindow.document}n.open()._l=function(){var e=this.createElement("script");t&&(this.domain=t),e.id="boomr-if-as",e.src="https://s.go-mpulse.net/boomerang/K2MVF-7DE4U-VZ5KD-Y5PS7-DKFZW",BOOMR_lstart=(new Date).getTime(),this.body.appendChild(e)},n.write('<body onload="document._l();"><script src="https://www.ozon.ru/zapCallBackUrl/-1189541655299551613/inject.js"></script>
'),n.close()}function d(e){i.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}}()</script>

Expected result: Correct JS injection without effects on target site

Additional information:

• ZAP 2.9.0

[psiinon]

TBH I expected more problems like this, so thanks for these details :)