@vmg @kivikakk Is <svg> missing from this list? https://github.github.com/gfm/#disallowed-raw-html-extension- … Also, where’s the repo for your spec?
-
-
Looking at our commit history, no. We've never allowed it to begin with, I believe because of XSS concerns.
-
That’s what I was wondering about :) So I was surprised to read https://twitter.com/vmg/status/841713595205451780 … but I guess you meant non-inline SVG there
End of conversation
New conversation -
-
-
btw, our security team has worked very hard on CSP. If you feel strongly about SVG support, please email us at support@github.com
-
These things can always be reevaluated as technology gets better!
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.