Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Embed JavaScript in GitHub README.md

Tags:

javascript

github

markdown

I want to embed a tweet in a GitHub README file. Markdown should support this, however when I add the code that is copied from the tweet the JavaScript doesn't get rendered.

Example:

<blockquote>...</blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>

Any ideas?

like image 746
Matt Smith Avatar asked Jan 24 '14 19:01

Matt Smith

People also ask

Can you embed javascript in markdown?

Markdown supports inline XHTML but not Javascript.

Can I write HTML in GitHub README?

Wherever HTML is rendered on GitHub (gists, README files in repos, comments on issues and pull requests, ...) you can use any of the HTML elements that GitHub Flavored Markdown (GFM) provides syntactic sugar for.

How do I add a link to a README in GitHub?

Links. You can create an inline link by wrapping link text in brackets [ ] , and then wrapping the URL in parentheses ( ) . You can also use the keyboard shortcut Command + K to create a link.

Can I add CSS to GitHub README?

GitHub does not allow for CSS to affect README.md files through CSS for security reasons (as if you could inject CSS into a ReadMe, you could easily launch a phishing attack). This includes both stylesheets referenced through <link rel> and inline styles used with <style> .

2 Answers

Allowing javascript from third parties directly on a website has huge XSS attacks implications. Someone could use javascript code for example to grab the cookies associated to any visitor's github accounts and forward them to a malicious entity.

There's also the nuisance potential, as having access to javascript means having access to the CPU of the visitor and being able to do things like pop-ups or blinking text.

As such it's natural that javascript isn't supported in READMEs. Markdown may have a way of doing it, but it'll never be allowed on a website like GitHub.

However, you can do it on your project's github page, if you have one, since it doesn't belong to the main github website and the domain is not the same.

like image 121
4 revs, 2 users 93% Avatar answered Sep 19 '22 15:09

4 revs, 2 users 93%

As a follow up to coyotte508's answer (sorry, not enough points to reply directly):

If Github were to enable such a feature they could use iFrames as an effective measure against XSS in the same way ReadTheDocs does.

EDIT: Also you might want to check out readthedocs.org as an alternative to a Github README.md. They support embedding javascript in rst files.

like image 34
D1plo1d Avatar answered Sep 21 '22 15:09

D1plo1d
Sign in to Comment

Related questions

Cannot flush updates when React is already rendering
Asynchronous JavaScript - Callbacks vs Deferred/Promise [duplicate]
window.close() doesn't work - Scripts may close only the windows that were opened by it
Failed to load resource: net::ERR_NETWORK_IO_SUSPENDED
Where can I find Upshot.js examples and documentation?
How to implement interface in javascript [duplicate]
Javascript memory profiler for Firefox
Maven plugin for versioning and minifying javascript
jQuery: Hide element on click anywhere else apart of the element [duplicate]
Why is YYYY-MM-DD != YYYY/MM/DD [duplicate]
How to fix this ES6 module circular dependency?
Pass object as prop on Vue
console.log wrapper that keeps line numbers and supports most methods? [closed]
Why is Number.MAX_SAFE_INTEGER 9,007,199,254,740,991 and not 9,007,199,254,740,992?
How to get on-screen visible element objects in jQuery? [duplicate]
Is there an equivalent to the "alt" attribute for div elements?
How to put methods onto the objects in Redux state?
Asynchronous constructor
Google Place API - No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access [duplicate]
Does adding too many event listeners affect performance?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!