Your problem is akin to the following:

You are trying to prevent the production of cheese by controlling the flow of milk to the producer. However, you have no control over the flow of cows to the producer, nor do you have knowlege/control over whether the producer has cows to begin with. And so you wonder why he can still make cheese....

Javascript is a programming language executed at the client. It has facilities for manipulating strings and jamming them into URLs. Consequently, there is really NO effective way to guarantee that a client can't be passed a piece of javascript that will generate a URL which will point to a server other than your proxy -- in fact, since http://(long) is valid in many browsers, it is an almost trivial exercise to construct such a workaround. Unless you can control their physical access to the internet (putting the client's IP on a private network, for instance) there is no way you can force a client to use a proxy.

You could simply have your proxy strip out ALL javascript, but that would have potentially undesirable side effects. And, it would still be no guarantee that the client couldn't be routed around your proxy by a URL generated in, say, a Java applet, or an ActiveX control, or RealPlayer, or one of countless other ways.

Spud Zeppelin * spud@spudzeppelin.com