堆栈内存溢出
  简体   繁体   English

在 GitHub README.md 中嵌入 JavaScript

[英]Embed JavaScript in GitHub README.md

 原文  2014-01-24 19:23:53       javascript/ github/ markdown

问题描述

I want to embed a tweet in a GitHub README file.我想在 GitHub README 文件中嵌入一条推文。 Markdown should support this, however when I add the code that is copied from the tweet the JavaScript doesn't get rendered. Markdown 应该支持这一点,但是当我添加从推文复制的代码时,JavaScript 不会被呈现。

Example:例子:

<blockquote>...</blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>

Any ideas?有任何想法吗?

2 个解决方案

解决方案1
 37 已采纳  

Allowing javascript from third parties directly on a website has huge XSS attacks implications.直接在网站上允许来自第三方的 javascript 具有巨大的 XSS 攻击影响。 Someone could use javascript code for example to grab the cookies associated to any visitor's github accounts and forward them to a malicious entity.例如,有人可以使用 javascript 代码获取与任何访问者的 github 帐户相关联的 cookie,并将其转发给恶意实体。

There's also the nuisance potential, as having access to javascript means having access to the CPU of the visitor and being able to do things like pop-ups or blinking text.还有潜在的麻烦,因为访问 javascript 意味着可以访问访问者的 CPU 并能够执行诸如弹出窗口或闪烁文本之类的操作。

As such it's natural that javascript isn't supported in READMEs.因此,自述文件中不支持 javascript 是很自然的。 Markdown may have a way of doing it, but it'll never be allowed on a website like GitHub. Markdown可能有办法做到这一点,但它永远不会在像 GitHub 这样的网站上被允许。

However, you can do it on your project's github page , if you have one, since it doesn't belong to the main github website and the domain is not the same.但是,您可以在项目的github 页面上执行此操作(如果有),因为它不属于 github 主网站并且域也不相同。

解决方案2
 14  2015-08-16 18:22:35

As a follow up to coyotte508's answer (sorry, not enough points to reply directly):作为coyotte508的回答的后续(抱歉,没有足够的积分直接回复):

If Github were to enable such a feature they could use iFrames as an effective measure against XSS in the same way ReadTheDocs does.如果 Github 启用这样的功能,他们可以像 ReadTheDocs 一样使用 iFrames 作为对抗 XSS 的有效措施。

EDIT: Also you might want to check out readthedocs.org as an alternative to a Github README.md.编辑:您也可能想查看 readthedocs.org 作为 Github README.md 的替代品。 They support embedding javascript in rst files.它们支持在 rst 文件中嵌入 javascript。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在GitHub README.md中嵌入Bookmarklet - Embed Bookmarklet in GitHub README.md 如何在 Markdown 中使用 Github 按钮(README.md) - How to use Github buttons in Markdown (README.md) 显示 README.md 文件内容 - Show README.md file contents jsdoc错误ENOENT:没有这样的文件或目录,打开&#39;./readme/readme.md&#39; - jsdoc error ENOENT: no such file or directory, open './readme/readme.md' 为什么 webpack 尝试解析我的 readme.md 文件 - Why does webpack try to parse my readme.md files 如何使用 Codemirror 突出显示 README.md 文件 - how to highlight README.md File using Codemirror My Deployed网站仅在登录页面上显示readme.md - My Deployed website is only showing readme.md on landing page 如何在网站上嵌入github git README文件 - how to embed a github git README file on a website 带有图像的 Javascript 书签在 github 自述文件中 - Javascript bookmarklet with image on github readme 如何让快速端点返回 README.md 文件? - How can I have an express endpoint return a README.md file?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM