将JavaScript嵌入到GitHub README.md中 [英] Embed JavaScript in GitHub README.md
问题描述
我想在GitHub自述文件中嵌入推文。 Markdown应该支持这一点,但是当我添加从推文复制的代码时,JavaScript不会呈现。
示例:
< blockquote> ...< / blockquote>
< script async src =// platform.twitter.com/widgets.js charset =utf-8>< / script>
有什么想法?
直接在网站上允许来自第三方的JavaScript具有巨大的XSS攻击影响。有人可以使用javascript代码来抓取与任何访客的github账户关联的cookie,并将其转发给恶意实体。
还有一些麻烦的可能性, javascript意味着可以访问访问者的CPU,并且可以执行诸如弹出式窗口或闪烁文字之类的操作。
因此,javascript自然不受支持README文件。 Markdown may 可以做到这一点,但它永远不会被允许在像GitHub这样的网站上。
然而,你可以做到这一点在你的项目的 github页面上,如果你有一个,因为它不属于主要的github网站和域名不一样。
I want to embed a tweet in a GitHub README file. Markdown should support this, however when I add the code that is copied from the tweet the JavaScript doesn't get rendered.
Example:
<blockquote>...</blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
Any ideas?
Allowing javascript from third parties directly on a website has huge XSS attacks implications. Someone could use javascript code for example to grab the cookies associated to any visitor's github accounts and forward them to a malicious entity.
There's also the nuisance potential, as having access to javascript means having access to the CPU of the visitor and being able to do things like pop-ups or blinking text.
As such it's natural that javascript isn't supported in READMEs. Markdown may have a way of doing it, but it'll never be allowed on a website like GitHub.
However, you can do it on your project's github page, if you have one, since it doesn't belong to the main github website and the domain is not the same.
这篇关于将JavaScript嵌入到GitHub README.md中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
