sovonegr/neomovies-api
1
0
Fork 0
mirror of https://gitlab.com/foxixus/neomovies-api.git synced 2025-10-27 17:38:51 +05:00
Code Issues Packages Projects Releases Wiki Activity

feat: block popups and redirects for English players

Browse Source 
- Add sandbox attribute to vidsrc and vidlink iframes
- Sandbox allows: scripts, same-origin, forms, presentation
- Sandbox blocks: popups, top navigation, unwanted redirects
- Add referrerpolicy=no-referrer for extra security
- Improves user experience by preventing annoying popups
This commit is contained in:
Cursor Agent
2025-10-04 21:23:13 +00:00
parent 7126d0b5fb
commit edb54a8503
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/handlers/players.go
View File

@@ -532,7 +532,8 @@ func (h *PlayersHandler) GetVidsrcPlayer(w http.ResponseWriter, r *http.Request)
log.Printf("Generated Vidsrc URL: %s", playerURL) log.Printf("Generated Vidsrc URL: %s", playerURL)
iframe := fmt.Sprintf(`<iframe src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;"></iframe>`, playerURL) // Sandbox блокирует всплывающие окна и нежелательные редиректы
iframe := fmt.Sprintf(`<iframe src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" referrerpolicy="no-referrer"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe) htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidsrc Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html") w.Header().Set("Content-Type", "text/html")
@@ -557,7 +558,8 @@ func (h *PlayersHandler) GetVidlinkMoviePlayer(w http.ResponseWriter, r *http.Re
log.Printf("Generated Vidlink Movie URL: %s", playerURL) log.Printf("Generated Vidlink Movie URL: %s", playerURL)
iframe := fmt.Sprintf(`<iframe src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;"></iframe>`, playerURL) // Sandbox блокирует всплывающие окна и нежелательные редиректы
iframe := fmt.Sprintf(`<iframe src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" referrerpolicy="no-referrer"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe) htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html") w.Header().Set("Content-Type", "text/html")
@@ -589,7 +591,8 @@ func (h *PlayersHandler) GetVidlinkTVPlayer(w http.ResponseWriter, r *http.Reque
log.Printf("Generated Vidlink TV URL: %s", playerURL) log.Printf("Generated Vidlink TV URL: %s", playerURL)
iframe := fmt.Sprintf(`<iframe src="%s" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;"></iframe>`, playerURL) // Sandbox блокирует всплывающие окна и нежелательные редиректы
iframe := fmt.Sprintf(`<iframe src="%s" sandbox="allow-scripts allow-same-origin allow-forms allow-presentation" allowfullscreen loading="lazy" style="border:none;width:100%%;height:100%%;" referrerpolicy="no-referrer"></iframe>`, playerURL)
htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe) htmlDoc := fmt.Sprintf(`<!DOCTYPE html><html><head><meta charset='utf-8'/><title>Vidlink Player</title><style>html,body{margin:0;height:100%%;}</style></head><body>%s</body></html>`, iframe)
w.Header().Set("Content-Type", "text/html") w.Header().Set("Content-Type", "text/html")