sovonegr/neomovies-api
1
0
Fork 0
mirror of https://gitlab.com/foxixus/neomovies-api.git synced 2025-10-27 17:38:51 +05:00
Code Issues Packages Projects Releases Wiki Activity

feat: add minimal sandbox restrictions for English players

Browse Source 
Sandbox attributes for vidsrc and vidlink:
- allow-scripts: JavaScript работает (необходимо для плеера)
- allow-same-origin: Доступ к своему origin (необходимо для API)
- allow-forms: Работа с формами (если плеер использует)
- allow-presentation: Fullscreen режим
- allow-modals: Модальные окна (если плеер показывает)

Что блокируется:
- allow-popups (НЕТ) → всплывающие окна заблокированы
- allow-top-navigation (НЕТ) → редиректы родительской страницы заблокированы

Компромисс: плееры работают + базовая защита от редиректов
This commit is contained in:
Cursor Agent
2025-10-04 22:28:02 +00:00
parent 1bb33ad436
commit aef4ed62fb
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/handlers/players.go
View File

@@ -491,9 +491,9 @@ func (h *PlayersHandler) GetVidsrcPlayer(w http.ResponseWriter, r *http.Request)
log.Printf("Generated Vidsrc URL: %s", playerURL)
// Максимальная защита от всплывающих окон и редиректов
iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
// Sandbox с минимальными ограничениями для работы плеера
iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(htmlDoc))
@@ -517,9 +517,9 @@ func (h *PlayersHandler) GetVidlinkMoviePlayer(w http.ResponseWriter, r *http.Re
log.Printf("Generated Vidlink Movie URL: %s", playerURL)
// Максимальная защита от всплывающих окон и редиректов
iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
// Sandbox с минимальными ограничениями для работы плеера
iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(htmlDoc))
@@ -550,9 +550,9 @@ func (h *PlayersHandler) GetVidlinkTVPlayer(w http.ResponseWriter, r *http.Reque
log.Printf("Generated Vidlink TV URL: %s", playerURL)
// Максимальная защита от всплывающих окон и редиректов
iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
// Sandbox с минимальными ограничениями для работы плеера
iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(htmlDoc))