I have a readme that I want to have a link for a bookmarklet to in. The link starts with javascript:.....
Due to this, github doesn't render the link, and instead renders it as a link to github.com
I under-estimated the difficulty of using github pages. You should probably use that.
Just encountered this as well. Tried escaping all brackets in the link, and the page is rendered correctly visually, but there is no "href" attribute given to the A tag.
+1
+1
Still needed
+1
+1
+1, Please
I was thinking about it - this is done to prevent sneaky XSS includes in Github. I'm going to close this issue.
+1
even if it's a xss prevention mechanism, it's up to the user to know if should click on a javascript link
+1
Just show some visual warning next to it, some icon or something similar.
Has anyone found an alternative to sharing bookmarklets in a github wiki?
+1
馃槥
Maybe we will have some day this feature?
For security reasons, we don't allow user-controlled scripts to run on GitHub.com, and this is one example of that. (A malicious user could steal your GitHub cookies or access other open GitHub tabs with possibly confidential information, due to the same-origin policy.)
This issue makes it impossible to offer OpenSearch plug-ins on github wiki pages. Firefox supports two methods for a web page to offer an OpenSearch plug-in: auto-discovery by placing a link rel in the head element, or a link that invokes a javascript method.
https://developer.mozilla.org/en-US/docs/Web/API/Window/sidebar/Adding_search_engines_from_Web_pages
Neither of these looks possible in github wiki pages -- the head element doesn't appear customizable at all, and user-controlled javascript is disabled for security reasons (= this report).
works in github pages like https://retrography.github.io/VUTt/,
but not in gists (same VUTt Link) https://gist.github.com/Artistan/2f212b8ea3d1ec0fbe3e1be1fbb7a987
Most helpful comment
For security reasons, we don't allow user-controlled scripts to run on GitHub.com, and this is one example of that. (A malicious user could steal your GitHub cookies or access other open GitHub tabs with possibly confidential information, due to the same-origin policy.)