Emma Humphries ([personal profile] emceeaich) wrote in [site community profile] dw_suggestions, 2012-08-07 04:57 pm

Enable Embedding GitHub Gists as Media in Posts

Title:
Enable Embedding GitHub Gists as Media in Posts

Area:
posting, media

Summary:
Enable adding GitHub Gists, which are embedded as scripts, in posts, via the 'add media' option so that DW users can post short blocks of formatted source code for discussion and review.

Description:
Gists are text files hosted on GitHub enabling developers to post short snippets of code for review and comment.

GitHub provides a way to embed a gist on a site, as a script file:

<script src="https://gist.github.com/3290622.js?file=foo.js"></script>

However, DW wisely prevents scripts from being embedded as either media or post content because XSS :)

But adding gist.github.com to a whitelist would enable coders of all skill levels to quickly post nicely formatted snippets of code for review, discussion, and comment.

Poll #11553 Enable Embedding GitHub Gists as Media in Posts
Open to: Registered Users, detailed results viewable to: All, participants: 53


This suggestion:

Should be implemented as-is.
13 (24.5%)

Should be implemented with changes. (please comment)
5 (9.4%)

Shouldn't be implemented.
5 (9.4%)

(I have no opinion)
30 (56.6%)

(Other: please comment)
0 (0.0%)
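
The whitelist rule proposed in the post, sketched as an added example (not part of the original thread and not Dreamwidth's code). The function name, the path pattern and the file-name pattern are assumptions drawn from the single embed URL shown above.

```javascript
// Strict allowlist check for a GitHub Gist embed URL (added example).
// Path and file-name rules are assumptions based on the one URL shape
// shown in the post: https://gist.github.com/<id>.js?file=<name>
const ALLOWED_HOST = "gist.github.com";
const GIST_PATH = /^\/[0-9a-f]+\.js$/i;       // gist id format (assumed)
const FILE_NAME = /^[A-Za-z0-9._-]{1,255}$/;  // conservative name rule (assumed)

// Returns a normalized URL if src is an acceptable gist embed, else null.
function validateGistSrc(src) {
  if (typeof src !== "string") return null;
  let url;
  try {
    url = new URL(src); // absolute URLs only; relative input throws
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  // Compare the parsed hostname exactly; substring or suffix matching
  // would accept look-alike hosts.
  if (url.hostname !== ALLOWED_HOST) return null;
  if (url.port !== "" || url.username !== "" || url.password !== "") return null;
  if (!GIST_PATH.test(url.pathname) || url.hash !== "") return null;

  // Only an optional single "file" parameter is allowed.
  const params = [...url.searchParams.entries()];
  if (params.length > 1) return null;
  let query = "";
  if (params.length === 1) {
    const [key, value] = params[0];
    if (key !== "file" || !FILE_NAME.test(value)) return null;
    query = "?file=" + encodeURIComponent(value);
  }
  // Rebuild from validated parts rather than echoing the input.
  return "https://" + ALLOWED_HOST + url.pathname + query;
}

// Constructed sample inputs; the first is the URL from the post.
const samples = [
  "https://gist.github.com/3290622.js?file=foo.js",
  "http://gist.github.com/3290622.js",
  "https://gist.github.com.example.net/3290622.js",
  "https://example.net/?u=gist.github.com/3290622.js",
  "https://user@gist.github.com/3290622.js",
  "https://gist.github.com/3290622.js?file=foo.js&callback=x",
];
for (const s of samples) console.log(validateGistSrc(s) ?? "REJECT", "<-", s);
```

Passing this check only constrains where the script is loaded from; the script it points to still runs in the embedding page.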

[personal profile] ninetydegrees 2012-08-27 09:25 pm (UTC)
If this could never be used for nefarious purposes, then yes.

[personal profile] kaberett 2012-08-27 09:35 pm (UTC)
+1

[personal profile] ladyasul 2012-08-28 12:54 am (UTC)
+1

[personal profile] ninetydegrees 2012-08-28 05:21 am (UTC)
So it's not safer than allowing any other script? If that's the case I don't think we should make an exception.

[personal profile] swaldman 2012-08-28 08:10 am (UTC)
Ah, I misunderstood. The Github user can't write the script, the script is simply something generated by github to display the user's text? So that's no worse than being at risk from bugs in other sites such as Youtube?
*changes vote*
Edited 2012-08-28 08:12 (UTC)

[personal profile] ninetydegrees 2012-08-28 08:56 am (UTC)
Thanks for the clarification; I'm back to my first comment then. :)

[personal profile] deborah 2012-09-05 03:34 pm (UTC)
+1

[personal profile] zvi 2012-08-27 10:16 pm (UTC)
How is this substantially different from including a textbox on an entry?

[personal profile] erik 2012-08-28 12:55 am (UTC)
Or using the <code> tag.
If (you know a little HTML)
show (your work)
endif

[personal profile] swaldman 2012-08-28 06:52 am (UTC)
I'd be all in favour of adding a tag for pretty code display :-)

[personal profile] zvi 2012-08-28 11:26 pm (UTC)
Oh, I approve of something that would provide code highlighting.

[personal profile] swaldman 2012-08-28 06:50 am (UTC)
So, um, would this allow people to run arbitrary scripts embedded in DW pages? Seems like a bad idea in that case, but my web-security-fu is weak so I may be needlessly concerned.

I'd be all for allowing embeds that simply display as text. (or am I being hopelessly naive in making this an easy distinction?)

[personal profile] alexbayleaf 2012-08-29 11:01 pm (UTC)
I voted "should be implemented as-is". At first I had no opinion, but then on reading the comments and remembering that DW development is switching to Github, it made much more sense to have this kind of integration. I wouldn't mind a code markup thingy either, mind you, but gist embedding seems easier.

[personal profile] kindnesstheorist 2019-02-17 06:37 pm (UTC)
I think "rejectd" should be "rejected" in the tags.