Welcome to CineShield
Enter a TMDB ID below to start streaming securely with ad protection.
Stream Configuration
Waiting for Input...
Ready to Stream
Enter a TMDB ID on the left and click "Play Now" to initiate your secure movie player.
Recently Streamed
No watch history yet. Your recently played items will appear here.
My Favorites
No favorites saved yet. Mark movies as favorites to save them here for quick access.
Configuration & Customization
🔗 Embed Links (Change Directly Here)
Below are the embed URL patterns. You can change these templates
directly here in the UI (it will save automatically) or paste them directly in the JS
code variable. Use {id} for movie IDs, and {id},
{season}, {episode} for TV shows.
🔑 Optional TMDB Integration
To load real movie titles, descriptions, and posters directly inside CineShield, you can paste a TMDB Read Access Token (v4 API key) or a standard API Key (v3 API key) below. This is completely optional and runs entirely in your browser!
🛡️ Ad Shield Mechanism Explanation
How the Click Shield protects you:
- Iframe Sandbox Filtering: The video player iframe uses the
HTML5
sandboxattribute. By omitting theallow-popupsandallow-popups-to-escape-sandboxdirectives by default in Balanced mode, the browser strictly blocks the player from launching background tabs or popups. - Transparent Collision Shield: CineShield places an invisible overlay right above the player. When active, mouse clicks are absorbed by our page, so they never hit the iframe. This blocks ad scripts from sensing your mouse movement or launching "first-click" full-screen ads.
- Smart Auto-Lock & Instant Re-lock: When you click Unlock, the shield temporarily dissolves. The moment you click once inside the player (e.g., to play/pause), CineShield's smart focus-monitoring immediately senses the interaction and re-locks the shield within 150ms. This permits your single click but blocks any subsequent ad pops or double-clicks instantly!
🛡️ CineShield Core Security & WAF Suite
WAF Core 1.2 ActiveAdvanced Input Protection & SQLi Defenses
SQL Injection (SQLi) is blocked dynamically in CineShield by combining strict type enforcement, regex validation signatures, and input parameterization concepts. Explore how user inputs are completely neutralized below.
🔍 Dynamic Web Application Firewall (WAF) Sandbox
Type any standard string or a malicious SQL injection payload
below (e.g., ' OR '1'='1, UNION SELECT,
DROP TABLE users) to see how the WAF scans, analyzes, and automatically
neutralizes it in real time!
', "), backslashes
(\), and comment blocks (--, /*) are
programmatically escaped or stripped to render them harmless.
🖥 disruption SQL Compilation Visualizer (Prepared Statements)
Compare how standard SQL queries get hijacked by SQL injection payloads versus how modern **Parameterized Queries (Prepared Statements)** completely segregate data from code logic, making queries unbreakable.
🚨 Vulnerable Dynamic SQL Compilation
Raw input is concatenated directly into the query string, changing the SQL execution tree:
🛡️ Secure Parameterized SQL Compilation
The query structure is pre-compiled. User input is bound strictly as raw data parameters, rendering payloads inert:
EXECUTE stmt USING @user, @password;
💻 Clean Production-Ready Defenses (Implementation Snippet)
Below is the complete Node.js/Express protection model implemented here. Copy this code into your production servers to enforce robust type validation, regex sanitization, and SQL parameterization:
// 1. Strict Parameter Validation Middleware
function enforceTypeSecurity(req, res, next) {
const tmdbId = req.query.id;
if (tmdbId && !/^\d+$/.test(tmdbId)) {
return res.status(400).json({ error: "SQL Injection Blocked: ID must be numeric." });
}
next();
}
// 2. Safe Parameterized DB Query (e.g. mysql2/pg)
async function secureUserLogin(dbConnection, username, password) {
const query = "SELECT * FROM users WHERE username = ? AND password_hash = ?";
const [rows] = await dbConnection.execute(query, [username, password]);
return rows;
}