In today's release (Cool VL Viewer v184.108.40.206), the Media Filter feature got a (potentially exploitable) bug fixed. Users of the Cool VL Viewer v220.127.116.11 should upgrade
. There is no known current exploit, but should one arise, it could possibly defeat the filtering by triggering a race condition that could lead you to allow/whitelist a wrong domain (no problem for already blacklisted/denied domains).
This new version also got a full floater implemented to allow editing the filters. See the screen-shots here
. To toggle the Media Filter floater, use the "Edit" -> "Media Filter" menu item. The media filtering feature is
now also still not (*)
active by default (can be toggled on/off from the Preferences floater, "Cool features" tab, "Miscellaneous" sub-tab).
Finally, I also added a warning to the Allow/Deny/Whitelis/Blacklist dialog whenever the requested URL contains parameters (example: http: //somehaker.com/index.php?av=Henri+Beauchamp). Such parameters (av name, id, or encoded name/id, or even a simple number) entitle a hacker to easily correlate the name of your Av with your IP.
Note that the blacklist/whitelist file had its format changed, and was therefore renamed (from medialists.xml to media_filter.xml, to be found in your user logs/per-account-settings folder), so if you used v18.104.22.168 you will have to rebuild the list using the shiny new floater.
(*) EDIT: due to my own stupidity (reverting to a previous version of the patch while I was working on it, and forgetting to reinstate the flag default value change that I did want to keep in the new reworked patch), media filtering is still off by default (this will be fixed in the next version).