Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
# URL Ultimate Filter - Changelog

## V46.39 - 2026-06-15
- [BugFix] x.com live_video_stream/status 豁免防 `%3F` 繞過:
- PATH_EXEMPTIONS regex 改為以真實 query 切分後的 raw pathname 比對
- x.com → PATH_EXEMPTIONS 改為 RE:^/i/api/1\.1/live_video_stream/status/[^/?]+$
- `status/<id>%3F/analytics/...` 不再能藉由 decode 後的 `?` 提前截斷旁路

## V46.38 - 2026-06-15
- [BugFix] x.com live_video_stream/status 豁免防 `%3F` 繞過:
- PATH_EXEMPTIONS regex 改為以真實 query 切分後的 raw pathname 比對
Expand Down
11 changes: 7 additions & 4 deletions SSOT_Compiler.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,14 @@
"""
URL Ultimate Filter - SSOT Compiler & Matrix Test Suite
-------------------------
當前版本:V46.38 (2026-06-15)
當前版本:V46.39 (2026-06-15)
最新架構更新:
- [Privacy] `x.com/i/api/1.1/graphql/error_log.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋 GraphQL 錯誤回報端點
- [Privacy] `x.com/i/api/1.1/videoads/v2/prerolls.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋影片廣告預播端點

近期更新摘要 (完整歷史軌跡請參閱 CHANGELOG.md):
- V46.38 (2026-06-15): Privacy — `x.com/i/api/1.1/graphql/error_log.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋 GraphQL 錯誤回報端點。
- V46.39 (2026-06-15): Privacy — `x.com/i/api/1.1/videoads/v2/prerolls.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋影片廣告預播端點。
- V46.38 (2026-06-15): Privacy — `x.com/i/api/1.1/graphql/error_log.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋 GraphQL 錯誤回報端點。
- V46.37 (2026-06-15): Privacy — `x.com/i/api/1.1/promoted_content/log.json` 新增 `CRITICAL_PATH_MAP` 精準封鎖,阻擋推廣內容回報端點。
- V46.36 (2026-06-15): BugFix — `abs.twimg.com` InlinePlayerAnalytics 改為 `PATH_EXEMPTIONS` 精準放行,保留版本化檔名載入能力,不再於 `CRITICAL_PATH_MAP` 提前封鎖。
- V46.35 (2026-06-14): BugFix — PATH_EXEMPTIONS regex 改為以真實 query 切分後的 raw pathname 比對,並將 x.com `live_video_stream/status` 豁免收緊為完整資源 path,封住 `%3F` 編碼分隔符旁路。
Expand Down Expand Up @@ -53,7 +55,7 @@
except Exception:
pass

VERSION = "46.38"
VERSION = "46.39"
RELEASE_DATE = "2026-06-15"

CURRENT_RELEASE_NOTES = """
Expand Down Expand Up @@ -427,7 +429,7 @@
'file.chinatimes.com': ['/ad-param.json'],
'health.tvbs.com.tw': ['/health-frontend-js/ad-read-page.js'],
'static.ctee.com.tw': ['/js/ad2019.min.js', '/js/third-party-sticky-ad-callback.min.js'],
'x.com': ['RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)'],
'x.com': ['RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/videoads/v2/prerolls\\.json(?:\\?|$)'],
'www.youtube.com': ['/ptracking', '/api/stats/atr', '/api/stats/qoe', '/api/stats/playback', '/youtubei/v1/log_event', '/youtubei/v1/log_interaction'],
'm.youtube.com': ['/ptracking', '/api/stats/atr', '/api/stats/qoe', '/api/stats/playback', '/youtubei/v1/log_event', '/youtubei/v1/log_interaction'],
'youtubei.googleapis.com': ['/youtubei/v1/log_event', '/youtubei/v1/log_interaction', '/api/stats/', '/youtubei/v1/notification/record_interactions'],
Expand Down Expand Up @@ -2960,6 +2962,7 @@ def generate_full_coverage_cases() -> List[TestCase]:
cases.append(TestCase("Safe: X InlinePlayerAnalytics JS Pass", "https://abs.twimg.com/responsive-web/client-web/ondemand.InlinePlayerAnalytics.ab7eb54a.js", RES_ALLOW, "V46.36 abs.twimg.com InlinePlayerAnalytics 改為 PATH_EXEMPTIONS 精準放行;僅允許版本化播放器分析資源,不再提前封鎖"))
cases.append(TestCase("Privacy: X Promoted Content Log Block", "https://x.com/i/api/1.1/promoted_content/log.json", RES_BLOCK_403, "V46.37 x.com promoted_content/log.json 推廣內容回報端點;以 CRITICAL_PATH_MAP 精準封鎖"))
cases.append(TestCase("Privacy: X GraphQL Error Log Block", "https://x.com/i/api/1.1/graphql/error_log.json", RES_BLOCK_403, "V46.38 x.com GraphQL error_log.json 錯誤回報端點;以 CRITICAL_PATH_MAP 精準封鎖,避免誤動 graphql/ 一般流量"))
cases.append(TestCase("Privacy: X Video Ads Prerolls Block", "https://x.com/i/api/1.1/videoads/v2/prerolls.json", RES_BLOCK_403, "V46.39 x.com videoads/v2/prerolls.json 影片廣告預播端點;以 CRITICAL_PATH_MAP 精準封鎖,避免誤傷其他 videoads 路徑"))
cases.append(TestCase("Safe: X Non-Analytics Ondemand JS Pass", "https://abs.twimg.com/responsive-web/client-web/ondemand.VideoPlayer.1a2b3c4d.js", RES_ALLOW, "V46.33 僅封鎖 InlinePlayerAnalytics 模組;其他 abs.twimg.com 按需播放器 JS 應維持放行"))
cases.append(TestCase("Safe: X Static Asset Query Contains InlinePlayerAnalytics Pass", "https://abs.twimg.com/favicon.ico?next=/responsive-web/client-web/ondemand.inlineplayeranalytics", RES_ALLOW, "V46.33 規則改為 path 起始錨定;query 夾帶目標字串的其他靜態資產不應被誤封"))
# --- V46.27 Perplexity phone verification regex block response fix ---
Expand Down
10 changes: 5 additions & 5 deletions URL-Ultimate-Filter-Surge.js
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
/**
* @file URL-Ultimate-Filter-Surge.js
* @version 46.38
* @version 46.39
* @date 2026-06-15
* @rules 1533 total (312 domains, 435 critical paths, 403 path keywords, 109 param rules)
* @rules 1534 total (312 domains, 436 critical paths, 403 path keywords, 109 param rules)
* @build SSOT Compiler — Dual-Target Compilation
*/

const CONFIG = { DEBUG_MODE: false, AC_SCAN_MAX_LENGTH: 600 };
const SCRIPT_VERSION = '46.38';
const SCRIPT_BUILD = 'V46.38 (2026-06-15) | 1533 rules | 3190 tests';
const SCRIPT_VERSION = '46.39';
const SCRIPT_BUILD = 'V46.39 (2026-06-15) | 1534 rules | 3191 tests';
const EMPTY_SET = new Set();

const OAUTH_SAFE_HARBOR = {
Expand Down Expand Up @@ -271,7 +271,7 @@ const RULES = {
'/js/ad2019.min.js', '/js/third-party-sticky-ad-callback.min.js'
])],
['x.com', new Set([
'RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)'
'RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/videoads/v2/prerolls\\.json(?:\\?|$)'
])],
['www.youtube.com', new Set([
'/ptracking', '/api/stats/atr', '/api/stats/qoe', '/api/stats/playback',
Expand Down
18 changes: 9 additions & 9 deletions URL-Ultimate-Filter-Tampermonkey.user.js
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
// ==UserScript==
// @name URL Ultimate Filter V46.38
// @name URL Ultimate Filter V46.39
// @namespace http://tampermonkey.net/
// @version 46.38
// @version 46.39
// @date 2026-06-15
// @description SSOT 前端防護盾牌 V46.38 (2026-06-15) | 1533 rules — 極簡盾牌 UI,獨立計數器,點擊外部自動收合。
// @rules 1533 total (312 domains · 435 critical · 109 param)
// @description SSOT 前端防護盾牌 V46.39 (2026-06-15) | 1534 rules — 極簡盾牌 UI,獨立計數器,點擊外部自動收合。
// @rules 1534 total (312 domains · 436 critical · 109 param)
// @author Jerry
// @match *://*/*
// @run-at document-start
Expand All @@ -15,15 +15,15 @@
'use strict';
/**
* @file URL-Ultimate-Filter-Tampermonkey.js
* @version 46.38
* @version 46.39
* @date 2026-06-15
* @rules 1533 total (312 domains, 435 critical paths, 403 path keywords, 109 param rules)
* @rules 1534 total (312 domains, 436 critical paths, 403 path keywords, 109 param rules)
* @build SSOT Compiler — Dual-Target Compilation
*/

const CONFIG = { DEBUG_MODE: false, AC_SCAN_MAX_LENGTH: 600 };
const SCRIPT_VERSION = '46.38';
const SCRIPT_BUILD = 'V46.38 (2026-06-15) | 1533 rules | 3190 tests';
const SCRIPT_VERSION = '46.39';
const SCRIPT_BUILD = 'V46.39 (2026-06-15) | 1534 rules | 3191 tests';
const EMPTY_SET = new Set();

const OAUTH_SAFE_HARBOR = {
Expand Down Expand Up @@ -286,7 +286,7 @@ const RULES = {
'/js/ad2019.min.js', '/js/third-party-sticky-ad-callback.min.js'
])],
['x.com', new Set([
'RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)'
'RE:^/i/api/1\\.1/promoted_content/log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/graphql/error_log\\.json(?:\\?|$)', 'RE:^/i/api/1\\.1/videoads/v2/prerolls\\.json(?:\\?|$)'
])],
['www.youtube.com', new Set([
'/ptracking', '/api/stats/atr', '/api/stats/qoe', '/api/stats/playback',
Expand Down
Loading