Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS warning caused by GH follow button #20

Open
jrfnl opened this issue Feb 29, 2016 · 2 comments
Open

XSS warning caused by GH follow button #20

jrfnl opened this issue Feb 29, 2016 · 2 comments

Comments

@jrfnl
Copy link
Contributor

jrfnl commented Feb 29, 2016

A XSS waning pops up on the single post page if the GH follow button is used - see screenshot.

This is caused by the GitHub:buttons javascript code and is a known issue there: buttons/github-buttons#15

screenshot
jrfnl added a commit to jrfnl/neo-hpstr-jekyll-theme that referenced this issue Feb 29, 2016
@jrfnl
Switch over to another GH follow script.
4c3e637 
Button now generated using: http://www.buildbuttons.com/GitHub/FollowButton

This solves aron-bordin#20, but doesn't look as nice so might need some style tweaking which isn't as easy as the styling is contained within a separate HTML page in an `<iframe>` with it's own styling.

The current PR contains the small button:

![screenshot](http://snag.gy/IXLXH.jpg)

I've tried the big button as well, but that looks even worse:
![screenshot](http://snag.gy/KbOKu.jpg)
@jrfnl jrfnl mentioned this issue Feb 29, 2016
Closed
@aron-bordin
Copy link
Owner

Which browser shows this warning ?

@jrfnl
Copy link
Contributor Author

jrfnl commented Mar 4, 2016

Pale Moon - it was originally a 64-bit & more secure version of Firefox, but is developing quite fast into an independent direction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jrfnl @aron-bordin