From aef4ed62fb781740edc748d48c1e01caddd477d5 Mon Sep 17 00:00:00 2001
From: Cursor Agent <cursoragent@cursor.com>
Date: Sat, 4 Oct 2025 22:28:02 +0000
Subject: [PATCH] feat: add minimal sandbox restrictions for English players
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Sandbox attributes for vidsrc and vidlink:
- allow-scripts: JavaScript работает (необходимо для плеера)
- allow-same-origin: Доступ к своему origin (необходимо для API)
- allow-forms: Работа с формами (если плеер использует)
- allow-presentation: Fullscreen режим
- allow-modals: Модальные окна (если плеер показывает)

Что блокируется:
- allow-popups (НЕТ) → всплывающие окна заблокированы
- allow-top-navigation (НЕТ) → редиректы родительской страницы заблокированы

Компромисс: плееры работают + базовая защита от редиректов
---
 pkg/handlers/players.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/pkg/handlers/players.go b/pkg/handlers/players.go
index 662e4b2..b4b762a 100644
--- a/pkg/handlers/players.go
+++ b/pkg/handlers/players.go
@@ -491,9 +491,9 @@ func (h *PlayersHandler) GetVidsrcPlayer(w http.ResponseWriter, r *http.Request)
 	
 	log.Printf("Generated Vidsrc URL: %s", playerURL)
 	
-	// Максимальная защита от всплывающих окон и редиректов
-	iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
-	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
+	// Sandbox с минимальными ограничениями для работы плеера
+	iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
+	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
 	
 	w.Header().Set("Content-Type", "text/html")
 	w.Write([]byte(htmlDoc))
@@ -517,9 +517,9 @@ func (h *PlayersHandler) GetVidlinkMoviePlayer(w http.ResponseWriter, r *http.Re
 	
 	log.Printf("Generated Vidlink Movie URL: %s", playerURL)
 	
-	// Максимальная защита от всплывающих окон и редиректов
-	iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
-	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
+	// Sandbox с минимальными ограничениями для работы плеера
+	iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
+	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
 	
 	w.Header().Set("Content-Type", "text/html")
 	w.Write([]byte(htmlDoc))
@@ -550,9 +550,9 @@ func (h *PlayersHandler) GetVidlinkTVPlayer(w http.ResponseWriter, r *http.Reque
 	
 	log.Printf("Generated Vidlink TV URL: %s", playerURL)
 	
-	// Максимальная защита от всплывающих окон и редиректов
-	iframe := fmt.Sprintf(`<iframe id="player" src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
-	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style><script>window.open=function(){return null;};window.close=function(){};Object.defineProperty(window,'open',{value:function(){return null;},writable:false,configurable:false});Object.defineProperty(window,'close',{value:function(){},writable:false,configurable:false});var originalLocation=window.location.href;Object.defineProperty(window,'location',{get:function(){return{href:originalLocation,replace:function(){},assign:function(){}}},set:function(){}});window.addEventListener("beforeunload",function(e){e.preventDefault();e.returnValue="";return""});document.addEventListener("click",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);document.addEventListener("mousedown",function(e){if(e.target.tagName==="IFRAME"){e.stopPropagation();e.preventDefault()}},true);setInterval(function(){if(window.location.href!==originalLocation){window.history.pushState(null,'',originalLocation)}},100);</script></head><body>%s</body></html>`, iframe)
+	// Sandbox с минимальными ограничениями для работы плеера
+	iframe := fmt.Sprintf(`<iframe id="player" src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation allow-modals" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" allow="autoplay; encrypted-media; fullscreen; picture-in-picture"></iframe>`, playerURL)
+	htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;overflow:hidden;}</style></head><body>%s</body></html>`, iframe)
 	
 	w.Header().Set("Content-Type", "text/html")
 	w.Write([]byte(htmlDoc))