Enable Embedding GitHub Gists as Media in Posts
Title:
Enable Embedding GitHub Gists as Media in Posts
Area:
posting, media
Summary:
Enable adding GitHub Gists, which are embedded as scripts, in posts, via the 'add media' option so that DW users can post short blocks of formatted source code for discussion and review.
Description:
Gists are text files hosted on GitHub enabling developers to post short snippets of code for review and comment.
GitHub provides a way to embed a gist on a site, as a script file:
<script src="https://gist.github.com/3290622.js?file=foo.js"></script>
However, DW wisely prevents scripts from being embedded as either media or post content because XSS :)
But adding gist.github.com to a whitelist would enable coders of all skill levels to quickly post nicely formatted snippets of code for review, discussion, and comment.
This suggestion:
Should be implemented as-is.
13 (24.5%)
Should be implemented with changes. (please comment)
5 (9.4%)
Shouldn't be implemented.
5 (9.4%)
(I have no opinion)
30 (56.6%)
(Other: please comment)
0 (0.0%)
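As an added illustration (not Dreamwidth's code and not part of the original suggestion), this Python sketch shows what a narrow allowlist for the embed tag quoted in the description could check: the exact host, the scheme, the URL shape, and that the `<script>` element carries nothing but `src`. The names `is_allowed_gist_embed`, `ScriptAudit` and `audit_post` are hypothetical, and the optional `/<user>/` path prefix is an assumption beyond the `/3290622.js` form shown in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOST = "gist.github.com"
# /<id>.js as shown in the post; the optional /<user>/ prefix is an assumption.
GIST_PATH = re.compile(r"/(?:[A-Za-z0-9-]{1,39}/)?[0-9a-f]{1,40}\.js")
GIST_QUERY = re.compile(r"file=[A-Za-z0-9._-]{1,255}")

def is_allowed_gist_embed(src):
    """True only for an https gist embed URL on the exact allowlisted host."""
    # Parsers disagree on whitespace, control characters and backslashes: refuse them.
    if any(ord(c) <= 0x20 or c in "\\\x7f" for c in src):
        return False
    try:
        parts = urlsplit(src)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.fragment:
        return False
    # Whole-authority match: userinfo, ports and look-alike suffixes all fail.
    if parts.netloc.lower() != ALLOWED_HOST or not GIST_PATH.fullmatch(parts.path):
        return False
    return parts.query == "" or GIST_QUERY.fullmatch(parts.query) is not None

class ScriptAudit(HTMLParser):
    """Records (src, allowed) for every <script> element in a post body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.verdicts, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            # Exactly one attribute, src, pointing at an allowlisted gist URL.
            ok = [k for k, _ in attrs] == ["src"] and bool(src) and is_allowed_gist_embed(src)
            self.verdicts.append([src, ok])
            self._in_script = True
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.verdicts[-1][1] = False  # an inline body is never allowed
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def audit_post(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return [tuple(v) for v in parser.verdicts]
```

A check like this constrains only where the script is loaded from; what the loaded script does in the page remains whatever gist.github.com serves.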
no subject
What I said is that if there was a flaw in GitHub's code that propagated an XSS or CSRF, then we would have an exposure.
That is not the same as allowing arbitrary scripts which could be intentionally written with an XSS or CSRF vector.
no subject
*changes vote*
no subject
And I would like to have an audit of GitHub's Gist embedding implementation before proceeding. A review can be a go/no-go part of the process.