Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The point is they either need to filter the served content, or serve it from a different domain (e.g. githubusercontent.com), otherwise you have XSS-like problems.


My understanding is that things like this are one of the reasons GitHub moved GitHub Pages subdomains from github.com to github.io.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: