|
|
@@ -101,17 +101,8 @@
|
|
|
|
|
|
<h3>Is it secure?</h3>
|
|
|
<p>
|
|
|
- Yes, as long as you can trust that the Javascript being downloaded is
|
|
|
- not being tampered with. This page itself is served by Github and is not <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS/TLS</a>
|
|
|
- encrypted (i.e. served via <a href="https://en.wikipedia.org/wiki/HTTPS">HTTPS</a>).
|
|
|
- I don't know how probable it is that Github served pages could be hacked to
|
|
|
- insert malicious Javascript.
|
|
|
- </p>
|
|
|
- <p>
|
|
|
- Ideally you'd want your site to be served encrypted via HTTPS.
|
|
|
- In this case, use with caution. You can of course go
|
|
|
- download the source from Github and run this page locally, removing
|
|
|
- the attack vector altogether.
|
|
|
+ Yes, barring any undiscovered security holes and as long as you can trust that the Javascript being downloaded is
|
|
|
+ not tampered with. Its therefore important to serve your pages encrypted with <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS</a>.
|
|
|
</p>
|
|
|
<p>
|
|
|
<em>Converse.js</em> itself makes encrypted HTTPS requests to a <em>connection manager</em>, which will make an
|
|
|
@@ -161,7 +152,7 @@
|
|
|
<p><strong>Converse.js</strong> is released under both the <a href="http://opensource.org/licenses/mit-license.php" target="_blank">MIT</a>
|
|
|
and <a href="http://opensource.org/licenses/GPL-2.0" target="_blank">GPL</a> licenses.</p>
|
|
|
|
|
|
- <h2>Donate</h2>
|
|
|
+ <h2>Tips</h2>
|
|
|
<p><strong>Bitcoin address:</strong> 16FsPqE9DhFTryxrUenpsGX4LJ1TPu8GqS</p>
|
|
|
|
|
|
<h2>Contact</h2>
|
JC Brand