In today's release (Cool VL Viewer v1.25.0.24), the Media Filter feature got a (potentially exploitable) bug fixed.
Users of the Cool VL Viewer v1.25.0.23 should upgrade. There is no known current exploit, but should one arise, it could possibly defeat the filtering by triggering a race condition that could lead you to allow/whitelist a wrong domain (no problem for already blacklisted/denied domains).
This new version also got a full floater implemented to allow editing the filters. See the screen-shots
here. To toggle the Media Filter floater, use the "Edit" -> "Media Filter" menu item. The media filtering feature is
now also still not (*) active by default (can be toggled on/off from the Preferences floater, "Cool features" tab, "Miscellaneous" sub-tab).
Finally, I also added a warning to the Allow/Deny/Whitelis/Blacklist dialog whenever the requested URL contains parameters (example: http: //somehaker.com/index.php?av=Henri+Beauchamp). Such parameters (av name, id, or encoded name/id, or even a simple number) entitle a hacker to easily correlate the name of your Av with your IP.
Note that the blacklist/whitelist file had its format changed, and was therefore renamed (from medialists.xml to media_filter.xml, to be found in your user logs/per-account-settings folder), so if you used v1.25.0.23 you will have to rebuild the list using the shiny new floater.
(*) EDIT: due to my own stupidity (reverting to a previous version of the patch while I was working on it, and forgetting to reinstate the flag default value change that I did want to keep in the new reworked patch), media filtering is still off by default (this will be fixed in the next version).