play.html: Blob URL injection pentru compatibilitate Brave

Brave bloca appendChild cu textContent (anti-fingerprinting / Shields). Fix: script injectat via Blob URL (tratat ca extern), cu fallback la textContent pentru browsere fără createObjectURL. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-14 17:11:59 +00:00
parent 510581345a
commit 714b68d017
1 changed files with 22 additions and 4 deletions
--- a/play.html
+++ b/play.html
@@ -363,10 +363,28 @@ var TPL    = {"classic":"\u003c!doctype html>\n\u003chtml lang=\"ro\">\n\u003che
  }
  var runEl=document.getElementById('run');
  if(!runEl){document.getElementById('intro-title').textContent='Eroare internă: motor lipsă.';return;}
-  var s=document.createElement('script');
-  s.textContent=runEl.textContent;
-  try { document.body.appendChild(s); }
-  catch(e) { document.getElementById('intro-title').textContent='Eroare browser: '+e.message; }
+  var runCode=runEl.textContent;
+  var injected=false;
+  /* Blob URL: compatibil Brave/Firefox strict fără CSP unsafe-inline */
+  try {
+    var blob=new Blob([runCode],{type:'text/javascript'});
+    var burl=URL.createObjectURL(blob);
+    var s=document.createElement('script');
+    s.src=burl;
+    await new Promise(function(res,rej){s.onload=res;s.onerror=rej;document.body.appendChild(s);});
+    URL.revokeObjectURL(burl);
+    injected=true;
+  } catch(e1) {
+    /* fallback: injectare directă (Chrome/Edge clasic) */
+    try {
+      var s2=document.createElement('script');
+      s2.textContent=runCode;
+      document.body.appendChild(s2);
+      injected=true;
+    } catch(e2) {
+      document.getElementById('intro-title').textContent='Eroare browser: '+e2.message;
+    }
+  }
 })();
 </script>
 <script type="text/plain" id="run">