- Security Fix: Escape values passed to the
stx
tagged template literal - Allow
Stanza
andBuilder
objects to be passed as values thestx
. - Avoid inserting commas when nesting array values in
stx
templates. - Replace xmldom with jsdom.
- Remove deprecated
abab
package - Make sure
ConnectionOptions
type is exportable - fix: invert default and types exports
- Bugfix:
Package path . is not exported from package
- #708 Properly set exports value in package.json
- #710 Fix types minor errors
- #711 Error with Builder.up depending on context
- #712 fix: export node and default modules
- #715 Fix the error when the attrs field is null
Dependency updates:
- Bump @rollup/plugin-commonjs from 24.1.0 to 26.0.1
- Bump @xmldom/xmldom from 0.8.8 to 0.8.10
- Bump prettier from 2.8.8 to 3.3.3
- Bump sinon from 15.0.4 to 18.0.0
- #704 Cannot use with NodeJS
- #706 TypeError when receiving a
stream:error
IQ message
Out of an abundance of caution, making a major version bump, since there was
some internal refactoring of the Strophe files to remove circular
dependencies. So certain deep imports used by integrators might no longer work.
Instead of deep imports, everything should be imported from strophe.js
.
For example:
import { Strophe, $build, stx } from strophe.js;
- Type checking via TypeScript and JSDoc typing annotations
- Types definitions are now generated and placed in
./dist/types/
. - Remove the deprecated
matchBare
option forStrophe.Handler
. UsematchBareFromJid
instead. - Add the ability to create stanzas via a tagged template literal (
stx
). - Bugfix: Ignore unknown SCRAM attributes instead of aborting the connection
- #613 TypeError: XHTML.validTag is not a function
- Re-add NodeJS support and add the ability to run tests on NodeJS to avoid regressions
- #602 Websocket connection times out instead of being disconnected
- #314 Support for SCRAM-SHA-256 and SCRAM-SHA-512 authentication
- Add an automatic fallback handler for unhandled IQ "set" and "get" stanzas
that returns an IQ error with
service-unavailable
. - Update various 3rd party dependencies
- #390 Replace deprecated String.prototype.substr()
- #418 BOSH fix: mark first request dead when second is done
- #388 Properly import xmldom
- Update xmldom to version 0.7.5
- Add disconnection_timeout setting: an optional timeout in milliseconds before
_doDisconnect
is called. - Update ws optional dependency to fix security issue https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
- Update optional NodeJS-specific dependency xmldom to version 0.5.0 which includes a security fix.
- #369 Add
clientChallenge
SASL mechanism method to avoid having to monkey patchonChallenge
, which prevents reconnection when using SCRAM-SHA1.
- #201: NodeJS related fixes:
window
andWebSocket
areundefined
- New method
Strophe.Connection.prototype.setProtocol
which can be used to determine the protocol used after the connection has been constructed.
- #347: Bugfix. Reconnection fails when SessionResultIQ arrives too late
- #354: Strophe.js sends an authzid during PLAIN when not acting on behalf of another entity
- #359: Bugfix: WebSocket connection failed: Data frame received after close
- Add support for running a websocket connection inside a shared worker
- #250 Bugfix: OAuth's SASL priority being higher causes problems
- #352 Bugfix: Referencing undefined property
- Remove support for obselete SASL DIGEST-MD5 auth
- #329 Varous compatibility fixes to make Strophe.js work in NodeJS
- #344 Properly set Strophe.VERSION
- Replace webpack with rollup
TypeError: this._changeConnectStatus is not a function
- Bugfix. Remove handlers on closed socket
- Add new Strophe.Connection option
explicitResourceBinding
. If is set to true the XMPP client needs to explicitly callStrophe.Connection.prototype.bind
once the XMPP server has advertised the "urn:ietf:params:xml:ns:xmpp-bind" feature.
- The dist files are no longer included in the repo, but generated by NPM/Yarn
- Moved some log statements from INFO to DEBUG level
- Don't break when a falsy value is passed to
getResourceFromJid
- #320 Fix error on SCRAM-SHA-1 client nonce generation
- #311 Expose
Strophe
,$build
,$msg
and$iq
as globals
- Use ES2015 modules
- Drop support for Internet Explorer < 11
- #299 'no-auth-mech' error. Server did not offer a supported authentication mechanism
- #306 Fix websocket close handler exception and reporting
- #259 XML element should be sent to xmlOutput
- #266 Support Browserify/CommonJS.
require('strophe.js/src/wrapper')
- #296 Remove error handler from old websocket before closing
- #271 SASL X-OAUTH2 authentication mechanism implemented
- #288 Strophe now logs fatal errors by default.
- Run tests with headless Chromium instead of Phantomjs
- #231 SASL OAuth Bearer authentication should not require a JID node, when a user identifer can be retreived from the bearer token.
- #250 Show XHR error message
- #254 Set connection status to CONNFAIL after max retries
- #255 Set CONNFAIL error status when connection fails on Safari 10
- Use almond to create the build. This means that the build itself is an AMD
module and can be loaded via
require
. - Remove Grunt as a build tool.
- Reduce the priority of the SASL-EXTERNAL auth mechanism. OpenFire 4.1.1 advertises support for SASL-EXTERNAL and the vast majority of Strophe.js installs are not set up to support SASL-EXTERNAl, causing them to fail logging users in.
- 189 Strophe never reaches DISCONNECTED status after .connect(..) and .disconnect(..) calls while offline.
- Add
sendPresence
method, similar tosendIQ
, i.e. for cases where you expect a responding presence (e.g. when leaving a MUC room).
- #172 and #215: Strophe shouldn't require
from
attribute in iq response - #216 Get inactivity attribute from session creation response
- Enable session restoration for anonymous logins
- Allow SASL mechanisms to be supported to be passed in as option to
Strophe.Connection
constructor. - Add new matching option to
Strophe.Handler
, namelyignoreNamespaceFragment
. - The
matchBare
matching option forStrophe.Handler
has been renamed tomatchBareFromJid
. The old name will still work in this release but is deprecated and will be removed in a future release. - #114 Add an error handler for HTTP calls
- #213 "XHR open failed." in BOSH in IE9
- #214 Add function to move Strophe.Builder pointer back to the root node
- #172, #215 Don't compare
to
andto
values of sent and received IQ stanzas to determine correctness (we rely on UUIDs for that).
- #200 Fix for webpack
- #203 Allow custom Content-Type header for requests
- #206 XML stanza attributes: there is no 'quot' escape inside 'serialize' method
- The files in
./src
are now also included in the NPM distribution. - Add support for SASL-EXTERNAL
- #193 Move phantomjs dependencies to devDependencies
- #178 Added new value (CONNTIMEOUT) to Strophe.Status
- #180 bosh: check sessionStorage support before using it
- #182 Adding SASL OAuth Bearer authentication
- #190 Fix .c() to accept both text and numbers as text for the child element
- #192 User requirejs instead of require for node compat
- Add a new Strophe.Connection option to add cookies
- Add new Strophe.Connection option "withCredentials"
- #147 Support for UTF-16 encoded usernames (e.g. Chinese)
- #162 allow empty expectedFrom according to W3C DOM 3 Specification
- #171 Improve invalid BOSH URL handling
- Bugfix. Check if JID is null when restoring a session.
- #127 IE-Fix: error on setting null value with setAttributes
- #138 New stub method nextValidRid
- #144 Change ID generator to generate UUIDs
- #109 Explicitly define AMD modules to prevent errors with AlmondJS and AngularJS.
- #111 Fixed IE9 compatibility.
- #113 Permit connecting with an alternative authcid.
- #116 tree.attrs() now removes Elements when they are set to undefined
- #119 Provide the 'keepalive' option to keep a BOSH session alive across page loads.
- #121 Ensure that the node names of HTML elements copied into XHTML are lower case.
- #124 Strophe's Builder will swallow elements if given a blank string as a 'text' parameter.
- Rerelease of 1.2.0 but with a semver tag and proper formatting of bower.json for usage with Bower.io.
- Add bower package manager support.
- Add commandline testing support via qunit-phantomjs-runner
- Add integrated testing via TravisCI.
- Fix Websocket connections now use the current XMPP-over-WebSockets RFC
- #25 Item-not-found-error caused by long term request.
- #29 Add support for the Asynchronous Module Definition (AMD) and require.js
- #30 Base64 encoding problem in some older browsers.
- #45 Move xhlr plugin to strophejs-plugins repo.
- #60 Fixed deletion of handlers in websocket connections
- #62 Add
xmlunescape
method. - #67 Use correct Content-Type in BOSH
- #70
_onDisconnectTimeout
never tiggers because maxRetries is undefined. - #71 switched to case sensitive handling of XML elements
- #73
getElementsByTagName
problem with namespaced elements. - #76 respect "Invalid SID" message
- #79 connect.pause work correctly again
- #90 The queue data was not reset in .reset() method.
- #104 Websocket connections with MongooseIM work now
- Fix SCRAM-SHA1 auth now works for multiple connections at the same time
- Fix Connecting to a different server with the same connection after disconnect
- Add Gruntfile so StropheJS can now also be built using grunt
- Fix change in sha1.js that broke the caps plugin
- Fix all warnings from jshint.
- Add option for synchronous BOSH connections
- moved bower.json to other repository
- Remove unused code in sha1 and md5 modules
- Fix BOSH attach is working again
- Add Support for XMPP-over-WebSocket
- Authentication mechanisms are now modular and can be toggled
- Transport protocols are now modular and will be chosen based on the connection URL. Currently supported protocols are BOSH and WebSocket
- Add Strings to some disconnects that indicate the reason
- Add option to strip tags before passing to xmlInput/xmlOutput
- Fix Connection status staying at CONNFAIL or CONNECTING in certain error scenarios
- Add package.json for use with npm
- Add bower.json for use with bower
- Fix handlers not being removed after disconnect
- Fix legacy non-sasl authentication
- Add better tests for BOSH bind
- Fix use of deprecated functions in tests
- Remove some dead code
- Remove deprecated documentation
- Fix Memory leak in IE9
- Add An options object can be passed to a Connection constructor now
- Add "Route" Parameter for BOSH Connections
- Add Maximum number of connection attempts before disconnecting
- Add conflict condition for AUTHFAIL
- Add XHTML message support
- Fix parsing chat messages in IE
- Add SCRAM-SHA-1 SASL mechanism
- Fix escaping of messages
- Fix security bug where DIGEST-MD5 client nonce was not properly randomized.
- Fix double escaping in copyElement.
- Fix IE errors related to importNode.
- Add ability to pass text into Builder.c().
- Improve performance by skipping debugging callbacks when not overridden.
- Wrap handler runs in try/catch so they don't affect or remove later handlers.
- Add ' and " to escaped characters and other escaping fixes.
- Fix _throttledRequestHandler to use proper window size.
- Fix timed handler management.
- Fix flXHR plugin to better deal with errors.
- Fix bind() to be ECMAScript 5 compatible.
- Use bosh.metajack.im in examples so they work out of the box.
- Add simple XHR tests.
- Update basic example to HTML5.
- Move community plugins to their own repository.
- Fix bug causing infinite retries.
- Fix 5xx error handling.
- Store stream:features for later use by plugins.
- Fix to prevent passing stanzas during disconnect.
- Fix handling of disconnect responses.
- Fix getBareJidFromJid to return null on error.
- Fix equality testing in matchers so that string literals and string objects both match.
- Fix bare matching on missing from attributes.
- Remove use of reserved word self.
- Fix various documentation errors.
- Fix handling of window, hold, and wait attributes. Bug #75.
- First release.