README rendering doesn't handle relative/local SVG images #316
Comments
|
SVG does not work from READMEs by design for security concerns: http://stackoverflow.com/a/21521184/895245 Interestingly, however, it seems that is has started to show on blob show: https://github.com/blog/1902-svg-viewing-diffing https://github.com/cirosantilli/test/blob/master/svg.svg , so maybe this request might be accepted now? |
Putting the security angle aside for a moment, SVGs totally do work in READMEs: it's how shields.io does badges (h5bp/lazyweb-requests#150), along with other services like Gitter. This is a bug, one that is only present for SVG files relative to the README in the repository. The bug is caused (as far as I can tell, with a tip of the hat to Karsten S.) by the Markdown renderer rewriting remote URLs to point to rehosted images at camo.githubusercontent.com (which handles SVG's content-type correctly), but directing local urls to a route that points to raw.githubusercontent.com (which serves SVG files as The solution should be to fix raw.githubusercontent.com to handle SVGs the same way as it handles other images (serving them with the appropriate content-type), or (if that's unfeasible) to have the Markdown render path rewrite local SVG references to rehost and point to camo.githubusercontent.com (as it currently does for remote images). (edited 2017-07-23 to bold the line with the solution for anybody coming in from github/markup#556) Coming back to the security question, there's no actual security problem to displaying SVGs. As the links on that question mention, SVG images don't run scripts, and even if they did, it would be in a sandboxed document no more dangerous than visiting the image separately/in an iframe. |
|
Regarding fixing raw.githubusercontent.com: If GitHub has a problem with raw.githubusercontent.com having bad performance as a CDN, the fix is staring them right in the face: put it on the deployment system gh-pages uses (#212), minus the Jekyll rendering step. This is how people are already working around this problem (I've even renamed my |
|
On 12/19/2014 8:34 AM, GitHub Staff wrote:
|
take the "raw=true" back off, thanks to isaacs/github#316
|
What security concerns are you talking about? Browsers are already disabling scripting and other security-related SVG features in an |
|
@GreLI That's what I said:
|
Somewhat documented as an issue in this repo: isaacs/github#316
Attribution required by CC-BY 2.5 license. <img/> hack to workaround isaacs/github#316 .
|
A workaround for others hitting this issue from a search engine (as I did) is to use the Before: After: |
Bug in GH: isaacs/github#316
GitHub doesn't handle relative paths to SVG images properly. isaacs/github#316
apparently relative svg images bug out locally. See: isaacs/github#316
As discussed here: isaacs/github#316
|
+1 |
DOC: work around GH isaacs/github#316 to show SVG image
|
I was going to close this, but github/markup#556 (comment) suggests it's still an issue. |
|
I think this issue can be closed. Embedding SVG in Markdown is officially supported by GitHub. If there is still any issue, it would be considered bug instead of lack of feature, so user should report in https://github.com/github/markup. |
ghost
mentioned this issue
We cannot see the 'schedule.png', so according to this submit (nodejs/Release@2bf2ea3), it seems the img was removed and we've used 'schedule.svg' instead. The reason why I use the parameter `?sanitize=true` is that we MUST make sure that the response type should be of img (Content-Type should be `img/svg+xml` instead of `text/plain`). For more about svg rendering on GitHub's server, please see these related posts: 1. isaacs/github#316 (comment) 2. https://stackoverflow.com/questions/13808020/include-an-svg-hosted-on-github-in-markdown (See 'Linking to RAW files (Does not work)'). Fix for: #2055
|
Per above & https://stackoverflow.com/a/16462143, this is solved |
The upstream issue that blocked this was resolved (isaacs/github#316)
The upstream issue that blocked this was resolved (isaacs/github#316)
The upstream issue that blocked this was resolved (isaacs/github#316)
Since badge is cached in github, badge is not updated. For example, current coverage is 83.7%, however, badge on NNStreamer mainpage indicated old value. Reference : https://stackoverflow.com/questions/13808020/include-an-svg-hosted-on-github-in-markdown/16462143#16462143 Related issure : isaacs/github#316 Signed-off-by: gichan-jang <gichan2.jang@samsung.com>
womp womp isaacs/github#316 (Kiril Vatev)
womp womp isaacs/github#316 (Kiril Vatev)
womp womp isaacs/github#316 (Kiril Vatev)
and others
See https://github.com/litl-license/litl-license/tree/e50196aa3dba3f667728483eb801022d9c113925 - I had to switch the inline image here to PNG for it to display on GitHub, which is lame and means that it's going to look lousy on Retina displays. (I would later go on to fix this by passing it through a gh-pages URL, which gives the added benefit of the code working when copied to repos that don't have this image.)
The text was updated successfully, but these errors were encountered: