Skip to content

1.8 - Adagio

Compare
Choose a tag to compare
@cburschka cburschka released this 08 May 14:17
· 566 commits to master since this release
v1.8

This update adds several major features and fixes many bugs, including a security issue.

Critical bugs

  • #192, #196: An arbitrary HTML/Javascript injection vulnerability was removed. The emoticon and URL-link processor used the obsolete jquery-replacetext library, which implicitly evaluated any escaped HTML code in messages as a side effect. The library has been removed and replaced with a more robust approach.

Features

  • #101: Rooms can be configured via arguments for /create or the newly added /configure command. This allows toggling room persistence, logging, permissions and other settings.
  • #103: Direct messages can be sent and received via the /dmsg command. This allows sending a message directly to any JID (including across domains), and even to a specific client session identified by its resource.
  • #167: Desktop notifications (if the browser and desktop environment support them) can be enabled for certain events when the client is in the background.
  • #178: A list of navigational links can be inserted in the title bar.
  • #180: Six new pony emotes have been added to the pack: :fluttersmile:, :ididntlisten:, :rdmad:, :shutup:, :symadder: :tavizero:
  • #182: The new /dnd command sets your status to "do not disturb", which turns off sounds and notifications, while also showing up as a status icon in the roster.

Bugs

  • #142: All BBCode buttons now have shortcuts supported by most browsers, including Chromium-based ones that didn't work previously. These use the HTML5 accesskey attribute. The specific key combination may vary accross browsers, and is shown in the button tooltips.
  • #166: The full RGB color selection now works reliably, by adding an "Advanced" button to the palette dialog that opens the color picker.
  • #186: Disabling inline images now actually works, instead of showing both the image and the alt-text.
  • #189: Emoticons will no longer render inside hyperlink anchors, which avoids rendering 8o or :D in URLs.

Minor fixes

  • #179: Alphabetize /who output.
  • #188: Some incorrect labels in the settings form have been fixed.
  • #190: Open all links in new tab.
  • #191: The text color RGB code is in monospace; the sliders have a set width.
  • #195: JS libraries were updated (strophe, buzz, jquery and moment)
  • #197: The codes in the help sidebar now line-wrap.
  • #198: Some unused images have been removed, one image was renamed.
  • #202: The stderr output of which is now suppressed.
  • #203: The room title is no longer run through Strophe.unescapeNode
  • #205: The onclick event for users is now attached instead of injected in HTML.
  • #206: Private messages can now be sent to nicks that contain backslashes.
  • #207: Pressing Escape or Cancel on the URL prompt no longer inserts [url][/url].
  • #209: Make the recipient clickable on outgoing /msg and /dmsg whispers.
  • #210: Some control flow refactoring.