Hey, just wanted to let you know that there are some pretty obvious XSS flaws in this extension.
The variables $filterURL
and $filterURLnot
are fetched from the http request and put right back into the HTML without validation. Consider using the HTML class instead of raw HTML.