*******************************************************************************
Change Log
*******************************************************************************


June 2nd 2007
    User Interface:
	Web config control: Some simplifications and additions (incl.
	interception of event listeners).

	Proxomitron menu: "DOM Source" supports syntax highlighting.

	Google: New themes.  Integration of some "Google Experimental"
	features.

	CastleCops: New filter: "Auto Login".

    Script Blocking:
	Generic script blocking is subsumed under one header control category.
	Three levels: all scripts, all third party scripts, specific third
	party scripts.

	New filter that scans for certain tracking modules in external scripts.

	New list "AdHosts-J", containing common hosts for external (ad,
	tracking, resource hog) scripts, inserting dummy functions if required.

    Security:
	Numerous additions - mainly to already existing filters/lists - to
	cover current in-the-wild exploits.

	ClassIDs list uncoupled from - meanwhile stale - master lists (now
	based on a scan of ~20K stopbadware.org sites).

    Local Connections:
	Proxomitron's own stylesheets get concatenated by a filter to a single
	file.  The mix depends on browser, config mode, chosen config-control
	settings, and connection response.

	If supported by the browser, small local files don't get requested as
	external resource, but are encoded in "data:" URIs.

    Technical:
	Work-around for IE7's Dot security, which blocks Proxomitron's ".."
	URL commands.  Integrated into the config's Half-SSL option.
	For manual use like in bookmarklets, use e.g. "http://px.src-px-."
	instead of "http://px.src.."

	Flash toggler doesn't preload files in IE anymore.  Also, you should
	always get the direct link to the Flash now, instead of "about:blank"
	for scripted Flash previously.

	Data and functions for the Proxomitron menu moved to a separate file,
	"proxjs-x-menu.js", which only gets loaded on demand (first left-click
	on a non-link element).

	Proxomitron's files aren't injected anymore into documents that
	identify as AJAX includes (Prototype/jQuery/mootools scripts add an
	"x-requested-with" header).

    Various bugfixes, additions, removals, and improvements.


September 3rd 2006
    User Options, Interface, Help:
	Added switch for Advanced Mode, "Sel. Mouse Events to Buttons" (see
	comment inside filter for details).  Generally, Advanced Mode got
	tighter, while Normal Mode got a bit laxer.

	Third Party iFrames aren't blocked anymore but converted to toggles:
	You can load an individual frame inline or in the top window, or
	load/unload all frames at once.  Also note the "iFrame Toggle: Extend
	to Onsite URLs" config switch.

	"setTimeout" timers are now allowed for the first 5-15 seconds after
	page load.  Then the usual timer button will appear, unless you	click
	on the page within that time.
	This fixes problems with popular Web2 sites like netvibes, protopage,
	start.com, and allows you to override interception in cases where the
	timer button can't be displayed (e.g. news.bbc.co.uk).

	"AdKeys-S" can now optionally replace removed tags with dummy blocks
	(see header comment for details).

	You can send any user-agent string via IncludeExclude-U.  However, in
	most cases you may want to stick to the usual, ready-made fake strings
	(see respective list section for details).

	Both, the general and the user IncludeExclude list use the same format
	now.  If you want to add entries from your old IncludeExclude-U.ptxt,
	please replace
		"$SET(keyword=$GET(keyword)" with "$SET(0=", and
		"$SET(flag=$GET(flag)" with "$SET(1=", respectively.

	Finished help file for Proxomitron menu (Prox_Menu.txt).
	Added "Window Handling" and "Ads" sections to documentation of Config
	Control options (Config_Control.txt).

    Proxomitron Menu:
	"Toggle 'xxx' CSS" (and Style Selector) enabled for Opera 9 too.

	"Show 'xxx' Script(s)":  Rewritten to work in IE and Opera as well,
	and to also show blocked inline and external scripts (labeled as
	"Blocked").  Make sure to read the respective section in Prox_menu.txt
	if you intend to use this.

	"JS Variables" and "Classes & IDs" don't show Proxomitron's own
	additions anymore, unless while in Debug Mode.

    Script Blocking:
	Two new filters that check incoming scripts for signatures of popular
	tracking companies, block them on match, and insert dummy functions if
	needed to keep the main document parsed correctly.

	New list "AdPaths-J" that contains common paths of external tracking
	scripts, again inserting dummy functions if need be.

	Added extra routines to "Remove: Ad Scripts - Noscript", killing
	script groups with noscript blocks that contain either webbugs or
	off-domain iframes.

	"AdKeys" split into "AdKeys" and "AdKeys-J", latter containing keywords
	just used in scripts.

	You can block JS functions per site and name via IncludeExclude-U.

	"Block: Third Party Scripts" updated and reintroduced (upon request -
	off by default).

	Notes:
	   Please don't modify the "BypassURL" entry in Proxomitron's settings,
	   as most of above would probably break.
	   There's a new bottom flyover, "js in", showing info about blocked
	   incoming scripts, if any.

    Technical:
	Each browser gets its own secondary CSS, this should also help
	keeping Opera 9's new error console clean from Prox entries.

	Flash toggler rewritten to catch most (but not all) recently appearing
	scripted Flash.  The left "Toggle" part should always work, while the
	right "Flash" part will now load "about:blank" in cases where the Flash
	URL can't be extracted.

	Proxomitron script rewritten, in order to keep Prox variables out of
	the top namespace and remove bottlenecks (like "eval").

	Filters and script modified to better work with strict XHTML, as well
	as delayed loading of page content (AJAX).

	Tightened filtering of cookie content (see CookieValues list).

	AdHosts/AdDomains synced with pgl's Hosts file.  Remaining ad lists
	updated and verified.

    Various bugfixes and improvements.


March 5th 2006
    User Options:
	You can choose between five Config Modes:  Minimal, Light, Standard,
	Advanced, and Debug (see "Config_Control.txt").  You may also assign a
	certain mode to a specific site.

	You can limit animated GIFs to a few loops instead of freezing them
	(see the ReadMe's "Installation").

	You can insert site-specific user scripts via IncludeExclude-U.

    Proxomitron Menu:
	The number of page styles (IE & Gecko only) and scripts (all three
	browsers) are shown as a menu item or header.  An "All Scripts" link
	displays all page scripts in a single window (Gecko only).  JavaScript
	Shell upgraded to version 1.4 (works in all three browsers again).

	The Config Mode can be switched from within the menu, too.

	The menu icon (as well as the informational flyover links) is now
	suppressed in small frames and iframes, unless you're in Debug Mode.

    Ads, Cookies, Annoyances, Security:
	Incoming ad scripts which made it past the webfilters get blocked.

	Also scan stylesheets for ad strings (WIP).

	All ad lists updated and verified.  Quick-tests for limiting individual
	entries - to match only on certain conditions - extended (explained in
	the list's header comment).

	Session-only cookie filters now also cover "max-age" cookies.  Cookies
	with expiration dates in the past (IOW, cookie removals) aren't altered
	anymore.

	Timers are intercepted with a button if they start unrequested, instead
	of looking at their function names as previously.

	Scripted resizing of the main window is always blocked by default,
	whereas requested popups are allowed to resize themselves.

	Look if docs that come with an "image" content-type aren't something
	else (filtering "GIFs" needs to be activated by the user tho, see the
	ReadMe's "Installation").  Also add "pl", "wmf", "xml" to "Sniff
	content" list.

	Proxomitron's URL commands get removed from JS "location" properties.

    Technical:
	New list "Content-Types.ptxt" that acts upon the incoming content-type
	and fixes common notation errors.

	Nested open tags aren't counted anymore.  Instead, they are closed with
	a JS function at the end of page (by checking the DOM tree; open tags
	may prevent the browser from parsing our own insertions).

	Pages are prevented from accessing our own stylesheets.

	Fixes for IE's "can't execute code from a freed script" error on pages
	with complex charcodes.

	Just a basic Proxomitron script gets inserted for old browsers and in
	Minimal Mode.  Inserted Proxomitron stylesheets depend on browser and
	chosen Config Control options as well.

    Various bugfixes and improvements.


June 9th 2005
	Small external ad scripts aren't broken anymore, but their content is
	replaced.

	New level-3 filters:  "<frameset>: Jump out of Ad Frames" and "<div>
	Remove: Ad Sources".  (Disabled while using "Light Settings".)

	Blocking of images and Flash objects that contain the controversial
	string "banner" in their path has become a bit more aggressive.
	However, it can be turned off by unticking the new option "Block Off-
	Domain Banners" (or amplified by selecting "Block On-Domain Banners").

	Proxomitron menu:  A third "Session" button temporarily changes
	selected config options, until it is pressed again without having
	selected anything or the config is reloaded.
	Hitting "Go" without checking any options now strips all keywords from
	the URL.
	"Popularity" link replaces former "Link To" (see Prox_Menu.txt).
	Javascript Shell upgraded to version 1.3 for Mozilla/Opera (IE still
	gets v1.1 due to a bug in v1.2/1.3).

	Window handling:  Some more options added.  Fix for requested popups
	that need to load an unrequested popup in order to work.  Fix for
	"JS Links to normal Links" filter to suppress window resizing when
	opening converted links.

	AdComments.ptxt:  Obsolete entries removed, new entries added, generic
	rules rewritten (just one unhashed entry left).

	Count.ptxt:  Rewritten to no longer user recursive calls and to not
	show up in the log window - by Mike/z12, Mona, and me.

	Caching header filters improved - by Mike/z12 and me.

	Malware ClassID filters:  Also match chopped IDs
	(example: http://www.mt-download.com/mtrslib2.js ).

	Keycodes changed to work better with Firefox and Opera
	(see Abbreviations.txt).

	The content of XML documents that don't come with the correct content-
	type is sniffed, and protected from filtering if it's not (X)HTML.

	Redirects from images, CSS, JS with standard extensions to documents
	with non-standard extensions (i.e. some sort of 404 error pages) are
	killed now - they tend to slow down page loading
	(real 404s get killed as well).

	The old AdKeys.ptxt was merged into AdList.ptxt, thus reducing the
	previous AdKeys -> AdList -> AdHosts/AdDomains/AdPaths chain by one
	link.  The previous AdStrings.ptxt in turn is now called AdKeys.ptxt.

	If you know the class/ID/name of a tag block that you want to see
	removed on a specific site, you can add it to AdKeys-S.ptxt.  This list
	is scanned by the "Remove: Ad Containers on sel. Sites" webfilter.

	Various bugfixes and improvements.


April 2nd 2005
	Rewrite of the "heavy duty" Ad Links filter.  Other ad-blocking filters
	changed as well, mostly regarding speed and preserving of page layout.

	IP cookies are not killed anymore, but their value gets replaced with a
	random US IP address.  This is to get around server-side request
	blocking (e.g. at hostultra memberpages).

	Cut down on site specific filters and IncludeExclude entries (obsolete,
	rarely used, or handled by general filters now).

	Webbug filter changed to not break DHTML menus that depend on
	positional GIFs.

	Fly-over function changed to not disrupt page layout in IE while in
	standards-compliant mode.

	Some sort of failure protection (don't break page, if something goes
	wrong) added to a few filters.

	"window.resizeTo" and "window.moveTo" are intercepted now and blocked,
	if the request was fullscreen.  You'll see a notification at the bottom
	of the page, if a resize attempt was blocked or allowed.

	Yahoo/Google filters adjusted to changed layout.

	Ad and security lists updated.

	Format of Ad Dimension list changed to also match escaped quotes.

	Javascript Shell (Proxomitron menu) upgraded to version 1.1.

	New document, "Prox_Menu.txt" - Work in Progress.

	Various bugfixes and little enhancements.


February 22th 2005
	New "Config Control" document, still work in progress, but already
	explains the most important options.

	URL commands launched internally or from the Prox menu don't show up as
	"subdomain" anymore (except Half-SSL "http://https.." links).
	This is to avoid problems with hostname specific cookies and to prevent
	sending the personal URL command prefix to the server while using the
	"bypass.." command.

	Several additions for the "Debug Mode" switch.

	Added Webfilter subsection "Possible Exploits" with a couple of
	filters (off by default).

	New user list "IncludeExclude-U".  Site-specific keywords added here
	get appended to those already set in "IncludeExclude".

	"Half-SSL" got its own config control switch (defaults to off).

	Modifications to the original page layout, like dimming white
	backgrounds, increasing small fonts, protocol dependent link styles,
	etc., can be switched on/off with a new "Allow Page Layout Changes"
	config control option.

	Various bugfixes and little enhancements.


December 28th 2004
	Bugfixed release version.


December 15th 2004
	Public pre-release.

	Added "Half-SSL", based on filters by Scott, JarC, and JJoe.
	It circumvents re-encrypting of documents after filtering, and alert
	messages in Mozilla and Opera.  SSLeay32.dll and Libeay32.dll are now
	required.  Selecting "Use SSLeay/OpenSSL" under Options is still
	optional tho.

	Changed handling of headers related to caching (see "Cache Handling"
	section in the ReadMe).  Note that these headers get filtered for
	local.ptron files as well.  Also note that CTRL-Refresh forces a fresh
	copy now in *all* browsers.

	Ad lists rebuilt from scratch.

	"AliasList" and "AliasJump" got merged with "IncludeExclude".
	Please copy your existing custom aliases and redirects to that list.

	Proxy spoofing.  It "hides" your real IP address from websites by
	pretending that your computer is a proxy server, forwarding requests
	for another IP address.  Based on JakBeNymble's filters.  The "other"
	IP is one out of a bunch of US IPs that will be constant per domain
	until Proxomitron is restarted.
	By default only enabled for selected sites.  For permanent spoofing
	activate the "Set Flag: Proxy Spoofing by Default" header filter.

	Timers ("setInterval" and certain "setTimeout" functions) are now
	intercepted and displayed as start/stop buttons in Gecko browsers and
	Opera or ordinary links in IE, repectively.

	New - relatively positioned - Proxomitron menu (appears lower right on
	mouse click)

	Reactivation of the "<a>: JS Hrefs to Link" filter which became
	acceptable with the new clickable flyover.


April 11th 2004
	First release version.

	A "clickable flyover" function, currently only used for the
	"<a>: URL Untangler" filter and the event buttons.  More to come.


March 8th 2004
	First public beta.

	New site-specific filters.


February 8th 2004
	You can apply user stylesheets.  Scott's page -
	http://www.geocities.com/srl_list/index.html
	- is styled as an example.  Three W3C Core Styles are included -- See
	IncludeExclude.ptxt -> "use a local stylesheet".


November 19th 2003
	First version that is actually usable for other people than me :-).

	Adopted Mona's config layout.

	External scripts and sylesheets with non-standard extensions, that are
	called from web pages are written to temporary lists to make sure that
	they are requested with the proper Content-Type.


*EOF*
