Comment by layer8
6 days ago
But it’s just an image link to some SVG file. No HTML involved, only a Markdown image link that GitHub will render as an HTML <img src="…"/> element. The actual SVG file linked to isn’t even necessarily hosted by GitHub.
If the SVG being linked to is hosted by GitHub, they could make arbitrary changes before serving it to the browser. IIRC, I uploaded an SVG in a GitHub comment and the resulting image had some of its interactive functionality removed. Of course, that situation is slightly different since the file was uploaded in a comment and not as part of a Git repo... but still.
They could follow the img src and deny any which are harmful. Or even replace them with a sanitized copy.
This is nonsense. The actual file at the URL could change at any time. No system is doing something like that if it isn’t serving the file itself.
And, getting back to the original point, you wouldn’t be worrying that GitHub doesn’t “support” a URL that happens to point to a file of a particular subformat that the URL itself doesn’t disclose.
Doesn't GitHub already replace externally linked images with its own cached version when rendering out Markdown files?
GitHub definitely mirrors images. Any image you see on a README will be loaded from githubusercontent.com