-
-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sandbox iframe used for github star #1542
Conversation
iframe only needs permission to excute script and open new window. It doesn't need other permission like form submission, navigation of top-level browsing content etc. Sandboxing is not supported by IE 10 and below. Read: https://msdn.microsoft.com/en-us/hh563496
I'm not sure if using 3rd party (even used script is not from GitHub itself) application in iframe is the best solution here. |
I have only seen |
I think that's not needed. We can get numbers from GH and vendor button styles. |
What about rate limits of Github API? I hope eventually we will show open issue and pull requests as well. |
I mean on client side. |
I am not sure if doing it on client side would be a feasible solution either. We will be making unauthenticated requests to github api and rate limit for that is 60 requests per hour. |
Turns out we are already making requests to github api 😂 We should so remove this 🙅♂️ @dwradcliffe what do you say? |
I'm totally ok with removing the 3rd party part and doing this ourselves. 👍 I'd like to keep the github api stuff client side though. |
@dwradcliffe I can try to craft this. |
Is this still valid? |
See #1827 |
iframe only needs permission to excute script and open new window.
It doesn't need other permission like form submission, navigation of
top-level browsing content etc. Sandboxing is not supported by IE 10
and below.
Read: https://msdn.microsoft.com/en-us/hh563496