![]() Currently, in order for Converse.js to recognize a pasted URL as an image, it must be an URL whose protocol is `https:` (`https` in the URI.js library's notation). This is sensible, but means that any non-HTTPS image URL is not recognized as a valid URL (and thus will not be rendered inline, even if `show_images_inline` is set to `true`). It is important to always check for HTTPS URLs when in a secure context (i.e., the initial page load was requested via HTTPS) in order to ensure that non-secured content does not mix with secured content. However, the inverse is not true: if the original page was loaded over HTTP, then enforcing HTTPS for images adds arguably no meaningful protection while also breaking the `show_images_inline` feature for the edge cases where Converse.js is deployed without HTTPS and a user pastes an HTTP URL. This patch changes the behavior of the `isImageURL` method such that the requirement for the pasted URL's protocol to be `https:` is enforced only when the `window.location.protocol` itself is also `https:`. By doing this, we ensure that secure origins (i.e., when Converse.js is loaded over HTTPS initially) are still secured and cannot have non-HTTPS content introduced to the page via a pasted non-HTTPS URL, however it also allows non-HTTPS origins to render both HTTP and HTTPS image URLs. |
||
---|---|---|
.github | ||
converse-logs | ||
css | ||
demo | ||
dist | ||
docs | ||
fonts | ||
locale | ||
logo | ||
mockup | ||
sass | ||
sounds | ||
spec | ||
src | ||
tests | ||
.eslintrc.json | ||
.gitignore | ||
.travis.yml | ||
buildout.cfg | ||
CHANGES.md | ||
composer.json | ||
COPYRIGHT | ||
dev.html | ||
fullscreen.html | ||
index.html | ||
jshintrc | ||
jslicenses.html | ||
lerna.json | ||
LICENSE | ||
Makefile | ||
Makefile.win | ||
mobile.html | ||
package-lock.json | ||
package.json | ||
README.md | ||
redirect.html | ||
RELEASE.md | ||
requirements.txt | ||
webpack.config.js |
Converse
Converse is a web based XMPP/Jabber chat client.
You can either use it as a webchat app, or you can integrate it into your own website.
It's 100% client-side JavaScript, HTML and CSS and the only backend required is a modern XMPP server.
Please support this project via Patreon or Liberapay
Demo
Converse is hosted and can be used at https://conversejs.org.
A demo showing anonymous login is available at https://conversejs.org/demo/anonymous.html and a demo which shows how you can embed a single chat room into a page is avialable at https://conversejs.org/demo/embedded.html.
Converse in overlay mode
Converse in fullpage mode
Documentation
The developer/integrator documentation can be found at https://conversejs.org/docs/html.
You'll probably want to begin with the quickstart guide, which shows you how to use the CDN (content delivery network) to quickly get a demo up and running.
Features
- Available as overlayed chat boxes or as a fullscreen application. See inverse.chat for the fullscreen version.
- A plugin architecture based on pluggable.js
- Single-user and group chats
- Contacts and groups
- Multi-user chat rooms XEP 45
- Chatroom bookmarks XEP 48
- Direct invitations to chat rooms XEP 249
- vCard support XEP 54
- Service discovery XEP 30
- In-band registration XEP 77
- Roster item exchange XEP 144
- Chat statuses (online, busy, away, offline)
- Custom status messages
- Typing and state notifications XEP 85
- Desktop notifications
- File sharing / HTTP File Upload XEP 363
- Messages appear in all connnected chat clients / Message Carbons XEP 280
- Third person "/me" messages XEP 245
- XMPP Ping XEP 199
- Server-side archiving of messages XEP 313
- Hidden Messages (aka Spoilers) XEP 382
- Client state indication XEP 352
- Last Message Correction XEP 308
- Off-the-record encryption
- OMEMO encrypted messaging XEP 384
- Supports anonymous logins, see the anonymous login demo.
- Translated into 28 languages
Integration into other frameworks
- Prosody: mod_conversejs
- Openfire: inverse.jar
- Ruby on Rails: conversejs-rails
- Django: django-conversejs or django-xmpp
- Patternslib: patterns.converse
- Roundcube: roundcube-converse.js-xmpp-plugin
- Wordpress: ConverseJS
- Plone: collective.converse
- Alfresco: alfresco-js-chat-share
- Friendica: converse
- Tiki Wiki CMS Groupware: built-in optional feature
Tests
We use behavior-driven tests written with jasmine.js.
Open tests.html in your browser, and the tests will run automatically.
Licence
Converse.js
is released under the Mozilla Public License (MPL).
Attribution
Emoji images are courtesy of Twemoji.
Support
Issues can be logged on the Github issue tracker.
Donations
A heartfelt thanks for everyone who has supported this project over the years. Many people have contributed testing, bugfixes, features and corrections.