@vmg @kivikakk Is <svg> missing from this list? https://github.github.com/gfm/#disallowed-raw-html-extension- … Also, where’s the repo for your spec?
-
-
I think we're currently allowing SVG because there's enough existing usage!
1 reply 0 retweets 0 likes -
<svg> seems to be stripped, in issue comment previews at least. Am I testing incorrectly?
1 reply 0 retweets 0 likes -
Replying to @mathias
Oh, sorry, I understand now. You can see that our parser supports SVG: https://github.com/github/cmark/blob/master/extensions/tagfilter.c#L4-L7 …
2 replies 1 retweet 1 like -
the specifics on the sanitization filters are not in our GFM spec, because they apply to _all_ content (MD, RST, ASCIIDOC...)
2 replies 0 retweets 0 likes -
Replying to @vmg
So there is no existing usage of (inline!) <svg> then?
2 replies 0 retweets 0 likes -
Replying to @mathias
Looking at our commit history, no. We've never allowed it to begin with, I believe because of XSS concerns.
1 reply 0 retweets 0 likes
Mathias Bynens Retweeted Vicent Martí
That’s what I was wondering about :) So I was surprised to read https://twitter.com/vmg/status/841713595205451780 … but I guess you meant non-inline SVG there
Mathias Bynens added,
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.