Merge branch 'master' into 0.8

Conflicts:
	bower.json
	converse.js
	docs/CHANGES.rst
	spec/chatbox.js
	tests/utils.js
	tests_main.js

bower.json

 {
   "name": "converse",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "devDependencies": {
     "jasmine": "https://github.com/jcbrand/jasmine.git#1_3_x",
     "otr": "0.2.7",

converse.js

@@ -43,7 +43,8 @@
                 if (list) {
                     for (i=0; i<list.length; i++) {
                         var prot = list[i].indexOf('http://') === 0 || list[i].indexOf('https://') === 0 ? '' : 'http://';
-                        x = x.replace(list[i], "<a target='_blank' href='" + prot + list[i] + "'>"+ list[i] + "</a>" );
+                        var escaped_url = encodeURI(decodeURI(list[i])).replace(/[!'()]/g, escape).replace(/\*/g, "%2A");
+                        x = x.replace(list[i], "<a target='_blank' href='" + prot + escaped_url + "'>"+ list[i] + "</a>" );
                     }
                 }
                 $(obj).html(x);
@@ -942,15 +943,16 @@
                     msg_date = msg_dict.time ? converse.parseISO8601(msg_dict.time) : new Date(),
                     text = msg_dict.message,
                     match = text.match(/^\/(.*?)(?: (.*))?$/),
+                    fullname = msg_dict.fullname || this.model.get('fullname'),
                     template, username;
 
                 if ((match) && (match[1] === 'me')) {
                     text = text.replace(/^\/me/, '');
                     template = converse.templates.action_template;
-                    username = msg_dict.fullname;
+                    username = fullname;
                 } else  {
                     template = converse.templates.message;
-                    username = msg_dict.sender === 'me' && __('me') || msg_dict.fullname || this.model.get('fullname');
+                    username = msg_dict.sender === 'me' && __('me') || fullname;
                 }
                 $el.find('div.chat-event').remove();
                 var message = template({

docs/CHANGES.rst

@@ -7,6 +7,16 @@ Changelog
 * Chat boxes and rooms can now be resized vertically. [jcbrand]
 * Chat boxes and rooms can be minimized. [jcbrand]
 
+0.7.4 (2014-03-05)
+------------------
+
+.. note:: This release contains an important security fix.
+   Thanks to Renaud Dubourguais from `Synacktiv http://synacktiv.com`_ for reporting the vulnerability.
+
+* #125 Bugfix: crypto dependencies loaded in wrong order [jcbrand]
+* Bugfix: action messages (i.e. /me) didn't work in OTR mode. [jcbrand]
+* Security fix: Ensure that message URLs are properly encoded. [jcbrand]
+
 0.7.3 (2014-02-23)
 ------------------
 
@@ -22,11 +32,12 @@ Changelog
 ------------------
 
 .. note:: This release contains an important security fix.
+   Thanks to hejsan for reporting the vulnerability.
 
 * #48 Add event emitter support and emit events. [jcbrand]
 * #97 Wrong number of online contacts shown with config option ``show_only_online_users``. [jcbrand]
 * #100 Make the fetching of vCards optional (enabled by default). [jcbrand]
-* Sanitize message text to avoid Javascript injection attacks. Thanks to hejsan for reporting. [jcbrand]
+* Sanitize message text to avoid Javascript injection attacks.  [jcbrand]
 
 0.7.1 (2013-11-17)
 ------------------

docs/html/.buildinfo

 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 738ca7b60aed811ee1668ad08d26eabb
+config: 0660e50cf30718622673fcf0e779dfd4
 tags: fbb0d17656682115ca4d033fb2f83ba1

docs/html/genindex.html

@@ -9,7 +9,7 @@
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     
-    <title>Index &mdash; Converse.js 0.7.3 documentation</title>
+    <title>Index &mdash; Converse.js 0.7.4 documentation</title>
     
     <link rel="stylesheet" href="_static/stylesheet.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@@ -17,7 +17,7 @@
     <script type="text/javascript">
       var DOCUMENTATION_OPTIONS = {
         URL_ROOT:    '',
-        VERSION:     '0.7.3',
+        VERSION:     '0.7.4',
         COLLAPSE_INDEX: false,
         FILE_SUFFIX: '.html',
         HAS_SOURCE:  true
@@ -26,7 +26,7 @@
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <link rel="top" title="Converse.js 0.7.3 documentation" href="index.html" /> 
+    <link rel="top" title="Converse.js 0.7.4 documentation" href="index.html" /> 
   </head>
   <body>
     <div id="header_wrap" class="outer">
@@ -51,7 +51,7 @@
         <li class="right" style="margin-right: 10px">
           <a href="#" title="General Index"
              accesskey="I">index</a></li>
-        <li><a href="index.html">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="index.html">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 <section id="main_content" class="inner">  
@@ -80,7 +80,7 @@
         <li class="right" style="margin-right: 10px">
           <a href="#" title="General Index"
              >index</a></li>
-        <li><a href="index.html">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="index.html">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 </div>

docs/html/index.html

@@ -7,7 +7,7 @@
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     
-    <title>Quickstart (to get a demo up and running) &mdash; Converse.js 0.7.3 documentation</title>
+    <title>Quickstart (to get a demo up and running) &mdash; Converse.js 0.7.4 documentation</title>
     
     <link rel="stylesheet" href="_static/stylesheet.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@@ -15,7 +15,7 @@
     <script type="text/javascript">
       var DOCUMENTATION_OPTIONS = {
         URL_ROOT:    '',
-        VERSION:     '0.7.3',
+        VERSION:     '0.7.4',
         COLLAPSE_INDEX: false,
         FILE_SUFFIX: '.html',
         HAS_SOURCE:  true
@@ -24,7 +24,7 @@
     <script type="text/javascript" src="_static/jquery.js"></script>
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
-    <link rel="top" title="Converse.js 0.7.3 documentation" href="#" /> 
+    <link rel="top" title="Converse.js 0.7.4 documentation" href="#" /> 
   </head>
   <body>
     <div id="header_wrap" class="outer">
@@ -49,7 +49,7 @@
         <li class="right" style="margin-right: 10px">
           <a href="genindex.html" title="General Index"
              accesskey="I">index</a></li>
-        <li><a href="#">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="#">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 <section id="main_content" class="inner">  
@@ -1045,7 +1045,7 @@ The query string will be included in the request with <tt class="docutils litera
         <li class="right" style="margin-right: 10px">
           <a href="genindex.html" title="General Index"
              >index</a></li>
-        <li><a href="#">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="#">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 </div>

docs/html/objects.inv

 # Sphinx inventory version 2
 # Project: Converse.js
-# Version: 0.7.3
+# Version: 0.7.4
 # The remainder of this file is compressed using zlib.
 xm
  {"];

docs/html/search.html

@@ -7,7 +7,7 @@
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     
-    <title>Search &mdash; Converse.js 0.7.3 documentation</title>
+    <title>Search &mdash; Converse.js 0.7.4 documentation</title>
     
     <link rel="stylesheet" href="_static/stylesheet.css" type="text/css" />
     <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
@@ -15,7 +15,7 @@
     <script type="text/javascript">
       var DOCUMENTATION_OPTIONS = {
         URL_ROOT:    '',
-        VERSION:     '0.7.3',
+        VERSION:     '0.7.4',
         COLLAPSE_INDEX: false,
         FILE_SUFFIX: '.html',
         HAS_SOURCE:  true
@@ -25,7 +25,7 @@
     <script type="text/javascript" src="_static/underscore.js"></script>
     <script type="text/javascript" src="_static/doctools.js"></script>
     <script type="text/javascript" src="_static/searchtools.js"></script>
-    <link rel="top" title="Converse.js 0.7.3 documentation" href="index.html" />
+    <link rel="top" title="Converse.js 0.7.4 documentation" href="index.html" />
   <script type="text/javascript">
     jQuery(function() { Search.loadIndex("searchindex.js"); });
   </script>
@@ -55,7 +55,7 @@
         <li class="right" style="margin-right: 10px">
           <a href="genindex.html" title="General Index"
              accesskey="I">index</a></li>
-        <li><a href="index.html">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="index.html">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 <section id="main_content" class="inner">  
@@ -100,7 +100,7 @@
         <li class="right" style="margin-right: 10px">
           <a href="genindex.html" title="General Index"
              >index</a></li>
-        <li><a href="index.html">Converse.js 0.7.3 documentation</a> &raquo;</li> 
+        <li><a href="index.html">Converse.js 0.7.4 documentation</a> &raquo;</li> 
       </ul>
     </div>
 </div>

docs/html/searchindex.js

-Search.setIndex({objects:{},terms:{all:0,code:0,partial:0,queri:0,lack:0,webchat:0,follow:0,row:0,privat:0,middl:0,depend:0,onmessagesend:0,sensit:0,punjab:0,cach:0,buddi:0,under:0,sens:0,spec:0,sent:0,global:0,everi:0,string:0,fals:0,account:0,requirej:0,jid:0,facebook:0,jack:0,veri:0,retriev:0,tri:0,chatpanel:[],button:0,messagetext:0,list:0,virtualhost:0,factori:0,"try":0,item:0,sane:0,div:0,pleas:0,prevent:0,version:0,xhr_user_search_url:0,almond:0,focu:0,jump:0,second:0,pass:0,download:0,further:0,fullnam:0,port:0,folk:0,even:0,index:0,what:0,hide:0,appear:0,section:0,abl:0,access:0,delet:0,use_otr_by_default:0,awar:[],"new":0,net:0,method:0,widget:0,themselv:0,messagexml:0,gener:0,here:0,bodi:0,typeerror:0,let:0,path:0,strong:[],modifi:0,valu:0,box:0,great:0,convers:0,mysit:0,reason:0,fetch:0,implement:0,sorri:0,chanc:0,via:0,although:0,extra:0,apach:0,prefer:0,ask:0,href:0,fake:0,auto_list_room:0,instal:0,establish:0,getsess:0,from:0,zip:0,commun:0,doubl:0,two:0,websit:0,few:0,stylesheet:0,call:0,recommend:0,msg:0,type:0,until:0,toggl:0,more:0,peopl:0,line:0,notic:0,remot:0,particular:0,vcard:0,must:0,none:[],word:0,room:0,past:0,work:0,uniqu:0,xhr:0,can:0,lc_messag:0,purpos:0,root:0,blogpost:0,control:0,quickstart:0,give:0,challeng:0,share:0,templat:0,critic:0,tag:0,proprietari:0,explor:0,onlin:0,occup:0,end:0,goal:0,thing:0,anoth:0,deniabl:0,snippet:0,how:0,bosh_serv:0,sid:0,expose_rid_and_sid:0,css:0,updat:0,npm:0,regener:0,product:0,resourc:0,haven:0,after:0,usabl:0,befor:0,allow_contact_request:0,multipl:0,underscor:0,data:0,demonstr:0,man:0,opkod:0,"short":0,practic:0,third:0,seriou:0,secur:0,show_controlbox_by_default:0,correspond:0,element:0,caus:0,inform:0,show_only_online_us:0,allow:0,media:0,mechan:0,order:0,talk:0,feedback:0,chatbox:0,xmpp:0,over:0,move:0,becaus:0,through:0,reconnect:0,paramet:0,streamlin:0,write:0,style:[],"8147a27e4a7f9b55ffc85c2683f9529a":0,render:0,fit:0,fix:0,better:0,window:0,pend:0,persist:0,hidden:0,main:0,might:0,them:0,anim:0,"return":0,thei:0,python:0,initi:0,onmessag:0,onbuddystatusmessagechang:0,instead:0,front:0,now:0,introduct:0,name:0,edit:0,troubleshoot:0,revers:0,crypto:0,authent:0,separ:0,token:0,ejabberd:0,each:0,debug:0,side:0,mean:0,everyth:0,domain:0,michael:0,individu:0,idea:0,realli:0,"static":0,connect:0,our:0,happen:0,patch:0,extract:0,event:0,special:0,out:0,variabl:0,shown:0,"3rd":0,space:0,jabber:0,proxy_pass:0,auto_reconnect:0,content:0,rel:0,internet:0,got:0,plural:0,correct:0,po2json:0,proxi:0,insid:0,state:0,standard:0,standalon:0,ajax:0,put:0,org:0,afterward:0,xhr_custom_status_url:0,could:0,keep:0,turn:0,perhap:0,xhr_custom_statu:0,outsid:[],imposs:0,first:0,origin:0,softwar:0,directli:0,malici:0,onc:0,hoop:0,lastnam:0,number:0,yourself:0,restrict:0,instruct:0,alreadi:0,done:0,"long":0,onchatboxclos:0,owner:0,happi:0,miss:0,suffic:0,differ:0,script:0,top:0,contact:0,attack:0,messag:0,attach:0,stori:0,master:0,jed:0,privaci:0,"final":0,listen:0,luckili:0,consol:0,option:0,tool:0,jcbrand:0,specifi:0,part:0,pars:0,grunt:0,than:0,serv:0,wide:0,kind:0,bloat:0,provid:0,remov:0,project:0,bridg:0,bind:0,someothersit:0,browser:0,pre:0,analysi:0,sai:0,credenti:0,saa:0,modern:0,ani:0,packag:0,have:0,tabl:0,need:0,moffitt:0,django:0,bosh_service_url:0,prebind:0,callback:0,latter:0,thorough:0,click:0,note:0,also:0,exampl:0,take:0,which:0,singl:0,therefor:0,sure:0,roster:0,unsur:0,previou:0,reach:0,most:0,deploi:0,rewriterul:0,homepag:0,"class":0,don:0,use_vcard:0,url:0,request:0,doe:0,runtim:0,determin:0,bower:0,latest:0,xdomainrequest:0,devdepend:0,show:0,german:0,text:0,succesfulli:0,page:0,server_nam:0,session:0,protocol:0,fine:0,find:0,help:0,xml:0,current:0,onli:0,exactli:0,locat:0,execut:0,configur:0,solut:0,stanza:0,should:0,busi:0,folder:0,local:0,meant:0,info:0,get:0,stop:0,soon:0,repo:0,nativ:0,cannot:0,cryptographi:0,requir:0,show_call_button:0,enabl:0,emb:0,mainspec:0,whenev:0,multi:0,achiev:0,"public":0,reload:0,bad:0,integr:0,though:0,contain:0,where:0,view:0,wiki:0,set:0,habit:0,stroph:0,see:0,bare:0,result:0,close:0,eventnam:0,best:0,concern:0,jqueri:0,statu:0,said:0,kei:0,inconveni:0,someth:0,written:0,muc:0,between:0,awai:0,experi:0,jasmin:0,across:0,attribut:0,verifi:0,appreci:0,extend:0,screen:0,javascript:0,conjunct:0,job:0,entir:0,bosh:0,otherwis:0,"5e64a30272af065bd72258c565a03f2f":0,cache_otr_kei:0,both:0,cor:0,instant:0,shortliv:0,conversej:0,avatar:0,etc:0,grain:0,mani:0,login:0,com:0,load:0,node_modul:0,simpli:0,within:0,pot:0,solv:0,non:0,assum:0,malleabl:0,backend:0,quit:0,sucessfulli:0,addition:0,rebuild:0,due:0,empti:0,github:0,compon:0,json:0,much:0,toolbar:0,subscrib:0,non_amd:0,session_kei:0,fire:0,imag:0,xxx:0,rubi:0,convert:0,minifi:0,togeth:0,els:0,i18n:0,otr:0,plausibl:0,present:0,"case":0,myself:0,ident:0,look:0,servic:0,plugin:0,defin:0,"while":0,abov:0,error:0,howev:0,hightlight:0,increment:0,helper:0,demo:0,auto_subscrib:0,site:0,oncallbuttonclick:0,itself:0,incom:0,rid:0,conn:[],develop:0,harsh:0,open:0,receiv:0,parti:0,make:0,format:0,minif:0,cross:0,same:0,webpag:0,onconnectfacebook:0,html:0,unexpectedli:0,chatroom:0,document:0,medit:0,conflict:0,complet:0,signon:0,http:0,webserv:0,optim:0,upon:0,someon:0,hand:0,fairli:0,"50kb":0,user:0,uncaught:0,php:0,xhr_user_search:0,cssmin:0,recent:0,weibel:0,stateless:0,off:0,bewar:0,firstli:0,markup:0,min:0,well:0,thought:0,person:0,without:0,command:0,wherebi:0,thi:0,choos:0,model:0,usual:0,plural_form:0,identifi:0,just:0,tip:0,onstatuschang:0,jshint:0,file:0,languag:0,web:0,xmlhttprequest:0,expos:0,field:0,danger:0,had:0,onchatboxopen:0,desktop:0,add:0,valid:0,blob:0,versa:0,primit:0,input:0,match:0,build:0,bin:0,applic:0,secreci:0,read:0,amd:0,nginx:0,traffic:0,know:0,background:0,press:0,backbon:0,xss:0,like:0,specif:0,manual:0,server:0,collect:[],benefit:0,api:0,either:0,output:0,perfect:0,manag:0,candi:0,facebookconnect:0,right:0,who:0,deal:0,nplural:0,some:0,back:0,drop:0,librari:0,bottom:0,avoid:0,deploy:0,rewriteengin:0,track:0,allow_otr:0,inject:0,overcom:0,oniniti:0,localhost:0,refer:0,plu:0,object:0,run:0,host:0,repositori:0,post:0,appli:0,panel:0,src:0,about:0,firstnam:0,controlbox:0,unfortun:0,issu:0,act:0,client:0,own:0,curiou:0,inlin:0,eavesdropp:0,encod:0,harm:0,automat:0,been:0,onreadi:0,wrap:0,chang:0,storag:0,your:0,merg:0,log:0,wai:0,aren:0,transfer:0,support:0,submit:0,custom:0,avail:0,trigger:0,includ:0,lot:0,suit:0,forward:0,"function":0,head:0,properli:0,form:0,bundl:0,somehow:0,link:0,translat:0,synonym:0,cryptograph:0,stand:0,"true":0,bug:0,congratul:0,longer:0,count:[],pull:0,made:0,dirti:0,tab:0,possibl:0,whether:0,bugfix:0,displai:0,asynchron:0,record:0,below:0,those:0,tightli:0,legwork:0,problem:0,emit:0,expect:0,onrosterviewupd:0,featur:0,constant:0,creat:0,movim:0,decrypt:0,doesn:0,msgmerg:0,exist:0,chat:0,face:0,check:0,probabl:0,encrypt:0,want:0,onrost:0,when:0,detail:0,gettext:0,"default":0,other:0,onchatboxfocus:0,rememb:0,varieti:0,test:0,you:0,servernam:0,nice:0,node:0,intend:0,duck:0,onstatusmessagechang:0,releas:0,consid:0,hide_muc_serv:0,stai:0,lang:0,fraught:0,vice:0,directori:0,onbuddystatuschang:0,getjson:0,rule:0,allow_muc:0,ignor:0,locale_data:0,potenti:0,time:0},objtypes:{},titles:["Quickstart (to get a demo up and running)"],objnames:{},filenames:["index"]})
+Search.setIndex({objects:{},terms:{all:0,code:0,partial:0,queri:0,lack:0,webchat:0,follow:0,row:0,privat:0,middl:0,depend:0,sensit:0,punjab:0,cach:0,buddi:0,under:0,sens:0,spec:0,sent:0,global:0,everi:0,string:0,fals:0,account:0,ident:0,facebook:0,jack:0,veri:0,retriev:0,tri:0,chatpanel:[],button:0,messagetext:0,list:0,correct:0,"try":0,item:0,sane:0,div:0,refer:0,pleas:0,prevent:0,xhr_user_search_url:0,almond:0,focu:0,jump:0,second:0,possibl:0,pass:0,download:0,further:0,fullnam:0,port:0,folk:0,even:0,index:0,what:0,hide:0,appear:0,section:0,abl:0,access:0,delet:0,use_otr_by_default:0,"new":0,net:0,method:0,manag:0,jqueri:0,widget:0,themselv:0,messagexml:0,gener:0,here:0,bodi:0,typeerror:0,let:0,path:0,strong:[],modifi:0,valu:0,box:0,great:0,convers:0,mysit:0,ajax:0,fetch:0,implement:0,sorri:0,chanc:0,via:0,repositori:0,extra:0,solut:0,prefer:0,put:0,href:0,fake:0,auto_list_room:0,instal:0,should:0,establish:0,getsess:0,from:0,zip:0,commun:0,doubl:0,two:0,websit:0,few:0,stylesheet:0,busi:0,call:0,recommend:0,msg:0,type:0,until:0,toggl:0,more:0,peopl:0,notic:0,site:0,conjunct:0,particular:0,vcard:0,must:0,none:[],word:0,room:0,past:0,work:0,uniqu:0,xhr:0,legwork:0,can:0,lc_messag:0,purpos:0,root:0,blogpost:0,control:0,quickstart:0,give:0,challeng:0,share:0,templat:0,critic:0,tag:0,proprietari:0,explor:0,onlin:0,occup:0,end:0,goal:0,thing:0,anoth:0,deniabl:0,write:0,how:0,bosh_serv:0,sid:0,instead:0,css:0,updat:0,npm:0,regener:0,product:0,resourc:0,after:0,usabl:0,befor:0,allow_contact_request:0,multipl:0,underscor:0,data:0,demonstr:0,man:0,repo:0,"short":0,practic:0,third:0,seriou:0,secur:0,show_controlbox_by_default:0,correspond:0,element:0,caus:0,inform:0,show_only_online_us:0,allow:0,parti:0,mechan:0,order:0,talk:0,feedback:0,chatbox:0,xmpp:0,over:0,move:0,becaus:0,through:0,reconnect:0,paramet:0,streamlin:0,snippet:0,style:[],"8147a27e4a7f9b55ffc85c2683f9529a":0,render:0,fit:0,fix:0,better:0,window:0,pend:0,persist:0,hidden:0,main:0,might:0,them:0,anim:0,"return":0,thei:0,python:0,initi:0,onmessag:0,automat:0,expose_rid_and_sid:0,front:0,now:0,introduct:0,name:0,edit:0,troubleshoot:0,revers:0,crypto:0,authent:0,separ:0,token:0,ejabberd:0,each:0,debug:0,side:0,mean:0,domain:0,michael:0,individu:0,idea:0,realli:0,"static":0,connect:0,our:0,happen:0,extract:0,event:0,special:0,out:0,variabl:0,shown:0,"3rd":0,space:0,miss:0,proxy_pass:0,content:0,rel:0,internet:0,got:0,plural:0,factori:0,po2json:0,model:0,proxi:0,insid:0,written:0,standard:0,standalon:0,reason:0,ask:0,org:0,afterward:0,xhr_custom_status_url:0,rewriteengin:0,could:0,keep:0,turn:0,perhap:0,outsid:[],imposs:0,first:0,origin:0,softwar:0,directli:0,malici:0,onc:0,hoop:0,lastnam:0,cryptograph:0,number:0,yourself:0,restrict:0,instruct:0,alreadi:0,done:0,submit:0,onchatboxclos:0,owner:0,custom:0,jabber:0,suffic:0,differ:0,php:0,script:0,top:0,contact:0,attack:0,messag:0,attach:0,stori:0,master:0,jed:0,privaci:0,"final":0,listen:0,luckili:0,consol:0,option:0,tool:0,jcbrand:0,specifi:0,part:0,pars:0,grunt:0,than:0,serv:0,wide:0,kind:0,bloat:0,provid:0,remov:0,project:0,bridg:0,bind:0,someothersit:0,browser:0,pre:0,"function":0,sai:0,credenti:0,saa:0,modern:0,ani:0,packag:0,properli:0,have:0,tabl:0,need:0,moffitt:0,django:0,bosh_service_url:0,prebind:0,callback:0,latter:0,thorough:0,click:0,note:0,also:0,exampl:0,take:0,which:0,singl:0,wherebi:0,sure:0,roster:0,unsur:0,previou:0,reach:0,most:0,deploi:0,homepag:0,"class":0,don:0,use_vcard:0,url:0,request:0,doe:0,runtim:0,determin:0,bower:0,usual:0,xdomainrequest:0,devdepend:0,show:0,german:0,text:0,succesfulli:0,server_nam:0,session:0,identifi:0,fine:0,find:0,help:0,xml:0,current:0,onli:0,exactli:0,locat:0,just:0,configur:0,apach:0,stanza:0,haven:0,"public":0,version:0,folder:0,local:0,meant:0,count:[],get:0,stop:0,soon:0,opkod:0,nativ:0,cannot:0,cryptographi:0,deploy:0,requir:0,show_call_button:0,enabl:0,emb:0,mainspec:0,whenev:0,patch:0,remot:0,bad:0,integr:0,contain:0,where:0,view:0,wiki:0,set:0,habit:0,stroph:0,see:0,bare:0,result:0,close:0,eventnam:0,best:0,concern:0,awar:[],statu:0,said:0,extend:0,inconveni:0,someth:0,state:0,muc:0,between:0,awai:0,experi:0,jasmin:0,across:0,attribut:0,verifi:0,appreci:0,kei:0,screen:0,javascript:0,jid:0,job:0,entir:0,bosh:0,otherwis:0,"5e64a30272af065bd72258c565a03f2f":0,cache_otr_kei:0,both:0,cor:0,instant:0,shortliv:0,conversej:0,myself:0,etc:0,grain:0,mani:0,login:0,com:0,load:0,node_modul:0,simpli:0,pot:0,solv:0,assum:0,malleabl:0,backend:0,quit:0,sucessfulli:0,addition:0,rebuild:0,due:0,empti:0,github:0,compon:0,json:0,much:0,toolbar:0,subscrib:0,blob:0,session_kei:0,fire:0,imag:0,xxx:0,rubi:0,convert:0,minifi:0,togeth:0,eavesdropp:0,input:0,i18n:0,otr:0,plausibl:0,present:0,"case":0,multi:0,therefor:0,look:0,servic:0,plugin:0,defin:0,"while":0,abov:0,error:0,howev:0,hightlight:0,increment:0,helper:0,demo:0,auto_subscrib:0,non:0,oncallbuttonclick:0,itself:0,incom:0,rid:0,conn:[],develop:0,harsh:0,open:0,receiv:0,media:0,make:0,secreci:0,minif:0,cross:0,same:0,read:0,onconnectfacebook:0,html:0,unexpectedli:0,chatroom:0,document:0,medit:0,conflict:0,complet:0,signon:0,http:0,webserv:0,optim:0,upon:0,someon:0,hand:0,fairli:0,"50kb":0,user:0,uncaught:0,rewriterul:0,xhr_user_search:0,cssmin:0,recent:0,weibel:0,stateless:0,off:0,bewar:0,choos:0,firstli:0,markup:0,min:0,well:0,object:0,thought:0,person:0,without:0,command:0,achiev:0,thi:0,onmessagesend:0,everyth:0,latest:0,plural_form:0,protocol:0,execut:0,when:0,onstatuschang:0,jshint:0,languag:0,web:0,fraught:0,xmlhttprequest:0,expos:0,field:0,danger:0,had:0,onchatboxopen:0,desktop:0,add:0,other:0,chat:0,non_amd:0,versa:0,primit:0,els:0,match:0,build:0,bin:0,applic:0,format:0,webpag:0,amd:0,nginx:0,traffic:0,know:0,background:0,press:0,like:0,xss:0,backbon:0,specif:0,manual:0,server:0,collect:[],benefit:0,api:0,either:0,output:0,perfect:0,page:0,candi:0,facebookconnect:0,right:0,deal:0,duck:0,some:0,back:0,drop:0,librari:0,bottom:0,avoid:0,though:0,xhr_custom_statu:0,track:0,allow_otr:0,inject:0,overcom:0,oniniti:0,localhost:0,avatar:0,plu:0,who:0,run:0,host:0,although:0,post:0,appli:0,panel:0,src:0,about:0,firstnam:0,controlbox:0,unfortun:0,issu:0,act:0,client:0,own:0,curiou:0,inlin:0,within:0,encod:0,harm:0,onbuddystatusmessagechang:0,been:0,onreadi:0,wrap:0,chang:0,storag:0,your:0,merg:0,log:0,wai:0,aren:0,transfer:0,support:0,"long":0,happi:0,avail:0,trigger:0,includ:0,lot:0,suit:0,forward:0,analysi:0,head:0,nplural:0,form:0,bundl:0,somehow:0,link:0,translat:0,synonym:0,line:0,stand:0,"true":0,bug:0,congratul:0,longer:0,info:0,pull:0,made:0,dirti:0,tab:0,reload:0,whether:0,bugfix:0,displai:0,asynchron:0,record:0,below:0,those:0,tightli:0,auto_reconnect:0,problem:0,emit:0,expect:0,onrosterviewupd:0,featur:0,constant:0,creat:0,movim:0,decrypt:0,doesn:0,msgmerg:0,exist:0,file:0,face:0,check:0,probabl:0,encrypt:0,want:0,onrost:0,tip:0,detail:0,gettext:0,"default":0,valid:0,onchatboxfocus:0,rememb:0,varieti:0,test:0,you:0,servernam:0,nice:0,node:0,intend:0,onbuddystatuschang:0,onstatusmessagechang:0,releas:0,consid:0,hide_muc_serv:0,stai:0,lang:0,requirej:0,vice:0,directori:0,virtualhost:0,getjson:0,rule:0,allow_muc:0,ignor:0,locale_data:0,potenti:0,time:0},objtypes:{},titles:["Quickstart (to get a demo up and running)"],objnames:{},filenames:["index"]})
\ No newline at end of file

docs/source/conf.py

@@ -48,9 +48,9 @@ copyright = u'2013, JC Brand'
 # built documents.
 #
 # The short X.Y version.
-version = '0.7.3'
+version = '0.7.4'
 # The full version, including alpha/beta/rc tags.
-release = '0.7.3'
+release = '0.7.4'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

index.html

@@ -4,7 +4,7 @@
     <meta charset='utf-8' />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
-    <meta name="description" content="Converse.js: Open Source Browser-Based Instant Messaging" />
+    <meta name="description" content="Converse.js: A chat client for your website" />
     <link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">
     <link rel="stylesheet" type="text/css" media="screen" href="converse.css">
     <script data-main="main" src="components/requirejs/require.js"></script>

package.json

 {
   "name": "converse.js",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "description": "Browser based XMPP instant messaging client",
   "main": "main.js",
   "directories": {

spec/chatbox.js

@@ -465,42 +465,99 @@
                         var view = this.chatboxviews.get(contact_jid);
                         var message = 'This message is sent from this chatbox';
                         spyOn(view, 'sendMessage').andCallThrough();
-                        view.$el.find('.chat-textarea').text(message);
-                        view.$el.find('textarea.chat-textarea').trigger($.Event('keypress', {keyCode: 13}));
+                        utils.sendMessage(view, message);
                         expect(view.sendMessage).toHaveBeenCalled();
                         expect(view.model.messages.length, 2);
+                        expect(converse.emit.callCount).toEqual(3);
                         expect(converse.emit.mostRecentCall.args, ['onMessageSend', message]);
-                        var txt = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content').text();
-                        expect(txt).toEqual(message);
+                        expect(view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content').text()).toEqual(message);
                     }.bind(converse));
                 }, converse));
 
-                it("are sanitized to prevent Javascript injection attacks", $.proxy(function () {
+                it("is sanitized to prevent Javascript injection attacks", $.proxy(function () {
                     var contact_jid = mock.cur_names[0].replace(' ','.').toLowerCase() + '@localhost';
                     utils.openChatBoxFor(contact_jid);
                     var view = this.chatboxviews.get(contact_jid);
-                    var message = 'This message contains <b>markup</b>';
+                    var message = '<p>This message contains <em>some</em> <b>markup</b></p>';
                     spyOn(view, 'sendMessage').andCallThrough();
-                    view.$el.find('.chat-textarea').text(message);
-                    view.$el.find('textarea.chat-textarea').trigger($.Event('keypress', {keyCode: 13}));
+                    utils.sendMessage(view, message);
                     expect(view.sendMessage).toHaveBeenCalled();
-                    var txt = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content').text();
-                    expect(txt).toEqual(message);
+                    var msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('&lt;p&gt;This message contains &lt;em&gt;some&lt;/em&gt; &lt;b&gt;markup&lt;/b&gt;&lt;/p&gt;');
+                }, converse));
+
+                it("can contain hyperlinks, which will be clickable", $.proxy(function () {
+                    var contact_jid = mock.cur_names[0].replace(' ','.').toLowerCase() + '@localhost';
+                    utils.openChatBoxFor(contact_jid);
+                    var view = this.chatboxviews.get(contact_jid);
+                    var message = 'This message contains a hyperlink: www.opkode.com';
+                    spyOn(view, 'sendMessage').andCallThrough();
+                    utils.sendMessage(view, message);
+                    expect(view.sendMessage).toHaveBeenCalled();
+                    var msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('This message contains a hyperlink: <a target="_blank" href="http://www.opkode.com">www.opkode.com</a>');
+                }, converse));
+
+                it("will have properly escaped URLs", $.proxy(function () {
+                    var contact_jid = mock.cur_names[0].replace(' ','.').toLowerCase() + '@localhost';
+                    utils.openChatBoxFor(contact_jid);
+                    var view = this.chatboxviews.get(contact_jid);
+                    spyOn(view, 'sendMessage').andCallThrough();
+
+                    var message = "http://www.opkode.com/'onmouseover='alert(1)'whatever";
+                    utils.sendMessage(view, message);
+                    expect(view.sendMessage).toHaveBeenCalled();
+                    var msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('<a target="_blank" href="http://www.opkode.com/%27onmouseover=%27alert%281%29%27whatever">http://www.opkode.com/\'onmouseover=\'alert(1)\'whatever</a>');
+
+                    message = 'http://www.opkode.com/"onmouseover="alert(1)"whatever';
+                    utils.sendMessage(view, message);
+                    expect(view.sendMessage).toHaveBeenCalled();
+                    msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('<a target="_blank" href="http://www.opkode.com/%22onmouseover=%22alert%281%29%22whatever">http://www.opkode.com/"onmouseover="alert(1)"whatever</a>');
+
+                    message = "https://en.wikipedia.org/wiki/Ender's_Game";
+                    utils.sendMessage(view, message);
+                    expect(view.sendMessage).toHaveBeenCalled();
+                    msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('<a target="_blank" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender\'s_Game</a>');
+
+                    message = "https://en.wikipedia.org/wiki/Ender%27s_Game";
+                    utils.sendMessage(view, message);
+                    expect(view.sendMessage).toHaveBeenCalled();
+                    msg = view.$el.find('.chat-content').find('.chat-message').last().find('.chat-message-content');
+                    expect(msg.text()).toEqual(message);
+                    expect(msg.html()).toEqual('<a target="_blank" href="https://en.wikipedia.org/wiki/Ender%27s_Game">https://en.wikipedia.org/wiki/Ender%27s_Game</a>');
                 }, converse));
 
             }, converse));
         }, converse));
 
         describe("Special Messages", $.proxy(function () {
+            beforeEach(function () {
+                utils.closeAllChatBoxes();
+                utils.removeControlBox();
+                converse.roster.localStorage._clear();
+                utils.initConverse();
+                utils.createCurrentContacts();
+                utils.openControlBox();
+                utils.openContactsPanel();
+            });
+
             it("'/clear' can be used to clear messages in a conversation", $.proxy(function () {
                 spyOn(converse, 'emit');
                 var contact_jid = mock.cur_names[0].replace(/ /g,'.').toLowerCase() + '@localhost';
+                utils.openChatBoxFor(contact_jid);
                 var view = this.chatboxviews.get(contact_jid);
                 var message = 'This message is another sent from this chatbox';
                 // Lets make sure there is at least one message already
                 // (e.g for when this test is run on its own).
-                view.$el.find('.chat-textarea').val(message).text(message);
-                view.$el.find('textarea.chat-textarea').trigger($.Event('keypress', {keyCode: 13}));
+                utils.sendMessage(view, message);
                 expect(view.model.messages.length > 0).toBeTruthy();
                 expect(view.model.messages.localStorage.records.length > 0).toBeTruthy();
                 expect(converse.emit).toHaveBeenCalledWith('onMessageSend', message);
@@ -508,8 +565,7 @@
                 message = '/clear';
                 var old_length = view.model.messages.length;
                 spyOn(view, 'sendMessage').andCallThrough();
-                view.$el.find('.chat-textarea').val(message).text(message);
-                view.$el.find('textarea.chat-textarea').trigger($.Event('keypress', {keyCode: 13}));
+                utils.sendMessage(view, message);
                 expect(view.sendMessage).toHaveBeenCalled();
                 expect(view.model.messages.length, 0); // The messages must be removed from the modal
                 expect(view.model.messages.localStorage.records.length, 0); // And also from localStorage

src/build.js

@@ -33,8 +33,8 @@
         "bigint": "src/bigint",
         "crypto.core": "components/otr/vendor/cryptojs/core",
         "crypto.enc-base64": "components/otr/vendor/cryptojs/enc-base64",
-        "crypto.md5": "components/crypto-js/src/md5",
-        "crypto.evpkdf": "components/crypto-js/src/evpkdf",
+        "crypto.md5": "components/crypto-js-evanvosberg/src/md5",
+        "crypto.evpkdf": "components/crypto-js-evanvosberg/src/evpkdf",
         "crypto.cipher-core": "components/otr/vendor/cryptojs/cipher-core",
         "crypto.aes": "components/otr/vendor/cryptojs/aes",
         "crypto.sha1": "components/otr/vendor/cryptojs/sha1",

tests.html

@@ -3,7 +3,7 @@
 <html>
 <head>
     <title>Converse.js Tests</title>
-    <meta name="description" content="Converse.js: Open Source Browser-Based Instant Messaging" />
+    <meta name="description" content="Converse.js: A chat client for your website" />
     <link rel="shortcut icon" type="image/png" href="components/jasmine/images/jasmine_favicon.png">
     <link rel="stylesheet" type="text/css" href="components/jasmine/src/html/jasmine.css">
     <link rel="stylesheet" type="text/css" media="screen" href="stylesheets/stylesheet.css">

tests/utils.js

@@ -110,5 +110,10 @@
         }
         return this;
     };
+
+    utils.sendMessage = function (chatboxview, message) {
+        chatboxview.$el.find('.chat-textarea').val(message);
+        chatboxview.$el.find('textarea.chat-textarea').trigger($.Event('keypress', {keyCode: 13}));
+    };
     return utils;
 }));