BETA FIVE: * Fixed a potential JavaScript exploit that could result from including HTML in a bad URL. Proxomitron's error message output would echo the URL to the browser allowing the code to be processed. This could let JavaScript run seemingly under that URL (and might lead to cookie vulnerabilities). All echoed text is now HTML escaped before being printed. (My thanks to Hiromitsu Takagi for alerting me to this). * Added $ESC command to keep $UESC from hogging all the glory. * Bug with NEST & INEST commands not checking inner match fixed. * Added missing ViewSrc.css * Made sure filter names have any HTML escaped in source view * Re-Arranged the sorce view styles a bit and added crude line wrap for very long lines. BETA FIVE (Pre-Release): * All new HTML help file! * Proxomitron now should redraw its SysTray icon if explorer crashes * Increased the size of the replacement stack to 100 items. * Added syntax highlighting for source & debug views. Use the ViewSrc.css file in Proxomitron's html folder to customize the colors and fonts. It's pretty simple minded (does weird things in scripts sometimes), but makes the listings a good deal easier to read. * Added special http://Local.ptron/ URL. This acts as a simple web server to share access to items in Proxomitron's hmtl folder. Only those allowed to connect to Proxomitron can access these, and it's safer than using the http://file/ syntax (which allows access to all files). This can be used to load remotely images, scripts, style sheets, and such when using Proxomitron from other machines (Proxomitron's error messages now use this too). * Added $STOP() command (disables a filter for the rest of the page). * Added $NEST() and $INEST() matching commands. * Added work-around for some URLs with illegal unescaped characters. * Added "&&" (double AND) for bounded and checks (see docs) * Changed the order of precedence so "&" comes before "|". This is probably more correct and makes using "&&" easier (since it has the same precedence as "&"), but may affect some filters. Of the defaults, the banner blaster needed some re-arranging (also modified it to use "&&"). Keep this in mind if you're using an earlier version. * Added $AV() and $AVQ() matching commands and adjusted some filters to use them. * Fixed a parsing bug in certain matching commands. * Fixed header filters not being sorted properly on load. * $CTYP command is now $TYPE (and now actually works too). * Fixed a window re-positioning problem. BETA FOUR: Features * "Profile" option added to filter test - gives you a rough but sometimes useful estimate of a filter's efficiency. * Speed improvements on webpage filters * Ability to index many items in Blocklists (speeds up large lists). * Added several new URL commands for partial bypass... bout.. Bypass outgoing header filters bin.. Bypass incoming header filters bweb.. Bypass web filters * Some basic contact info added to the "Help" menu BETA FOUR: Fixes * Fixed crash when hitting enter on an empty filter list (inevitable fallout from the new "find" option ;-). * Reduced the flicker when resizing windows. * Fixed bug where IP access range wasn't saving if the first IP address was zero. * Fixed problem with IE when starting proxomitron with a URL. BETA THREE: Features * Ok I finally made the Web filter editor resizeable so you can stop asking me now. ;-) It also features a splitter between the matching and replace edit windows which was also needed for the resizing to be most useful. * In the same vein, window sizes are now saved in the config! Beware though, the program won't prompt you to save the config due to changes in window sizes alone. Still you can always save from the "File" menu even when the save icon is grayed. * Added an "Apply" button to the Header filters. Initially only the web filters had this since they were used far more often. However all the new URL commands have pushed the header filters a bit more into the forefront. * Added a new option to the Config access tab: "Prefix all URL commands with". This can be used to add an extra layer of security to the URL based commands Proxomitron understands. Any URL must begin with whatever text is specified here before a URL based command will be processed. Use this as a kind of password protection. For example, the URL commands "http://file/..." can be used to load a local file from the hard drive. However if you allow other PCs to access Proxomitron, this could be a serious security risk. By including a URL prefix such as "myprefix." the command will only work if typed like so... "http://myprefix.file/filename". Note: if a URL command is used internally in a $RDIR command, it's not necessary to add the prefix. This allows filters to be written without needing to know if any prefix is being used. This should be safe as the filter itself controls the use of the URL command. Another use for this feature is to overcome Opera's reluctance to send hostnames without a dot "." to a proxy (it assumes the names are local and should not be proxied). By including a dotted prefix the commands can be processed without problems. * Added a "Find" option to the filter lists. The filter list will only display filters that include in their title, words matching what's entered in the find box (yeah, I admit it's an idea stolen from several popular news readers ;-) It's still pretty basic, and may yet have problems, but it should help when dealing with really large lists of filters. Actually it's kind of a stop-gap measure until I can find the time to redo the GUI and perhaps include something like sub-folders. * Added List options to the context menu of the "Bypass URL" edit box. * changed the $UESC() command to unescape any normal ASCII character (anything between "!" and "~") * Some updates have been made to the included filters BETA THREE: fixes * Fixed a bug that could cause a crash in some cases if a web server produced an invalid response to a request. * Added some code to trap hardware exceptions. This may help me track down what's still causing crashes for some users. * Changed proxy authorization to send "Basic user:pass" instead of "basic user:pass" (MS proxies appear to be case sensitive). * Fixed a problem with persistent connections and some HEAD requests * Fixed a bug with the "Use SSLeay" checkbox in the config dialog. * Corrected a problem with using lists in the "Bypass URL" match in the config section. Actually this has a more global effect as you can now add a call to a list to a filter before the list itself exists. It will go into effect once a list with the same name is added later. Previously the filter wouldn't work until the config was saved and reloaded or the filter was re-parsed. BETA TWO: Features * New dbug URL command shows the page in debug mode * You can now have multiple URL commands - as in... http://src..file//C:/web/somefile.html http://bypass..src..www.somepage.com/ * Added a new option when using the square bracket matches [...] to check for a specific byte values. Just enter the value within a URL style hex escape as in... "[%2a]" for a single char or "[%20-%41]" for a range of values. BETA TWO: Bug fixes * Problem with escapes within brackets (as in "[\n]") * Bounds match rules being set to lower case * "Minimize Proxomitron to system tray" option doing a erroneous SSLeay dll check. * Crash when using some replace commands (like "\q" or "\a") in the matching expression instead. * Possible Priority inversion lock with IE fixed (I hope) It appears IE might up its own priority to give it an advantage over other winsock apps. That's no too smart when it's depending on one of those other apps for its input!