From ccfd2efe908efecb21f4c617a0a0d2aa36f4d5f7 Mon Sep 17 00:00:00 2001
From: James Hawkins <jhawki2005@gmail.com>
Date: Sun, 17 Apr 2022 22:12:29 +0100
Subject: [PATCH] Add note about unsafe eval()

---
 src/providers/list/gdriveplayer/index.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/providers/list/gdriveplayer/index.ts b/src/providers/list/gdriveplayer/index.ts
index f86c8f26..7b5b1dba 100644
--- a/src/providers/list/gdriveplayer/index.ts
+++ b/src/providers/list/gdriveplayer/index.ts
@@ -79,11 +79,13 @@ export const gDrivePlayerScraper: MWMediaProvider = {
       throw new Error("Could not find stream");
     }
 
+    /// NOTE: this code requires re-write, it's not safe
     const data = unpack(script.textContent).split("var data=\\'")[1].split("\\'")[0].replace(/\\/g, "");
     const decryptedData = unpack(CryptoJS.AES.decrypt(data, "alsfheafsjklNIWORNiolNIOWNKLNXakjsfwnBdwjbwfkjbJjkopfjweopjASoiwnrflakefneiofrt", { format }).toString(CryptoJS.enc.Utf8));
     // eslint-disable-next-line
     const sources = JSON.parse(JSON.stringify(eval(decryptedData.split("sources:")[1].split(",image")[0].replace(/\\/g, "").replace(/document\.referrer/g, "\"\""))));
     const source = sources[sources.length - 1];
+    /// END
 
     return { url: `https:${source.file}`, type: source.type, captions: [] };
   },