By using `display: flex` and `flex-direction: column-reverse`, the chat
now automatically scrolls down when loaded, without requiring any
extra JavaScript.
We still need to scroll down with JavaScript when sending a message.
By using `column-reverse`, the messages container now works in reverse.
So the newest message is the first element in the container and the
oldest message is the last. This is the reverse of before.
Due to this, this change will likely break some plugins.
That way we don't lose the user's input values, we avoid flashing and we
avoid unnecessary rendering.
In the process, fixed an annoying issue where Chrome auto-completes
what it thinks is the username into the "Language Tag" field of the MUC
config form.
Instead we tell Chrome that the MUC JID is the username, thereby also
letting it save the password to to that JID.
Currently, in order for Converse.js to recognize a pasted URL as an
image, it must be an URL whose protocol is `https:` (`https` in the
URI.js library's notation). This is sensible, but means that any
non-HTTPS image URL is not recognized as a valid URL (and thus will not
be rendered inline, even if `show_images_inline` is set to `true`).
It is important to always check for HTTPS URLs when in a secure context
(i.e., the initial page load was requested via HTTPS) in order to ensure
that non-secured content does not mix with secured content. However, the
inverse is not true: if the original page was loaded over HTTP, then
enforcing HTTPS for images adds arguably no meaningful protection while
also breaking the `show_images_inline` feature for the edge cases where
Converse.js is deployed without HTTPS and a user pastes an HTTP URL.
This patch changes the behavior of the `isImageURL` method such that the
requirement for the pasted URL's protocol to be `https:` is enforced
only when the `window.location.protocol` itself is also `https:`. By
doing this, we ensure that secure origins (i.e., when Converse.js is
loaded over HTTPS initially) are still secured and cannot have non-HTTPS
content introduced to the page via a pasted non-HTTPS URL, however it
also allows non-HTTPS origins to render both HTTP and HTTPS image URLs.
As per XEP-0004, the default "type" of data form fields is
"text-single", so a missing "type" attribute should not be treated
differently.
This fixes handling of CAPTCHAs offered by ejabberd.
So that we first render dynamic content (e.g. images) before inserting
it into the chat.
Also, add the `show_images_inline` setting (which is the cause of this
whole change).
Updated tests to handle this new change and start using async/await
instead of promise callbacks.
