Because it wasn't made by a big multibillion corporation, it is inherently unsafe, like everything else not made by big multibillion corporations.
Only big money can be trusted.
(I'm obviously not serious here, but I do find it sad how people are fine trusting projects by FAANG, Microsoft, IBM and others of similar scale, but once something is made by someone with a human face it suddenly is a problem unless it is a toy.)
Security note: Please remember that, while this is a great idea, it’s also an excellent platform for causing havoc such as phishing if the operator’s account is ever hacked or turns malicious. For demo purposes it’s obviously fine but do not make this live without hosting your own, or consider the risk of it sending users to e.g. “glthub.com” someday.
How is this any different from hotlinking an image? I don't understand the security risk here. If a bad actor gets control of the domain, all they can do is change the SVG that you render.
I suppose you could parse that SVG in an insecure way (if for some reason you were parsing it) but that's not a problem with using the service.
The link to the GitHub repo is located in the code you paste on your own website, so you already host that part yourself. The only thing someone could change if the account is hacked is the contents of the image.
I was thinking of doing something similar with auto-generated SVG files for open graph images. Does anyone know if FB/Twitter etc support SVG images for open graph content?
t0astbread|6 years ago
Crinus|6 years ago
floatingatoll|6 years ago
albertgoeswoof|6 years ago
ly|6 years ago
unknown|6 years ago
[deleted]
davchana|6 years ago
Also, try to detect whether the user pasted the complete github.com URL, and strip it before processing it.
philshem|6 years ago
But a question: once the SVG/PNG is generated, is it updated when the repo stats change?
lioeters|6 years ago
---
By the way, I'm a huge fan of your work!
I'm sure others would find it enjoyable to see the creative and minimalist software: https://nwtgck.github.io/portfolio/
cosmic_quanta|6 years ago
kevinzg|6 years ago
[deleted]
dotdi|6 years ago
pronoiac|6 years ago
From the title, I thought this was cataloging every web site.
weka|6 years ago
captn3m0|6 years ago
bytematic|6 years ago
ecares|6 years ago
chiefalchemist|6 years ago
MH15|6 years ago
vipref|6 years ago
unknown|6 years ago
[deleted]
teknologist|6 years ago
reimertz|6 years ago
brogrammernot|6 years ago