(koaning.io)

518 points cantdutchthis | 4 comments | 08 Jul 25 08:23 UTC | HN request time: 0.78s | source

Show context

layer8 ◴[08 Jul 25 16:33 UTC] No.44501626[source]▶

What does “Github supports these” mean here? Isn’t it the browser that has to support them?

c-hendricks ◴[08 Jul 25 16:39 UTC] No.44501670[source]▶

Github could (should) be doing some sanitation of the HTML included in the readme, so they absolutely could be removing some nasty things SVGs support

replies(1): >>44501773 #

layer8 ◴[08 Jul 25 16:51 UTC] No.44501773[source]▶

>>44501670 #

But it’s just an image link to some SVG file. No HTML involved, only a Markdown image link that GitHub will render as an HTML <img src="…"/> element. The actual SVG file linked to isn’t even necessarily hosted by GitHub.

replies(2): >>44502270 #>>44505009 #

1. paulryanrogers ◴[08 Jul 25 17:42 UTC] No.44502270[source]▶

>>44501773 #

They could follow the img src and deny any which are harmful. Or even replace them with a sanitized copy.

replies(1): >>44502706 #

2. layer8 ◴[08 Jul 25 18:32 UTC] No.44502706[source]▶

>>44502270 (TP) #

This is nonsense. The actual file at the URL could change at any time. No system is doing something like that if it isn’t serving the file itself.

And, getting back to the original point, you wouldn’t be worrying that GitHub doesn’t “support” a URL that happens to point to a file of a particular subformat that the URL itself doesn’t disclose.

replies(2): >>44503297 #>>44505240 #

3. Evidlo ◴[08 Jul 25 19:38 UTC] No.44503297[source]▶

>>44502706 #

Doesn't Github already replace externally linked images with its own cached version when rendering out Markdown files?

4. shepherdjerred ◴[09 Jul 25 00:28 UTC] No.44505240[source]▶

>>44502706 #

GitHub definitely mirrors images. Any image you see on a README will be loaded from githubusercontent.com

↑

SVGs that feel like GIFs