Github检查API在将HTML作为评论文本传递时忽略了样式属性。

huangapple go评论66阅读模式
英文:

Github checks api is ignoring style attributes when html is passed as comment text

问题

I am using github's create check run api to create a check run for my PR.

我正在使用GitHub的 create check run API 来为我的 PR 创建一个检查运行。

I am passing the request body in the following structure:

我将请求主体传递给以下结构:

{
    "name"       : name,
    "head_sha"   : script.env.CI_COMMIT_SHA,
    "status"     : status,
    "details_url": detailsUrl,
    "output"     : {
            "title"  : title,
            "summary": summary,
            "text"   : commentText
    }
}

The variable commentText is of datatype String containing html with inline styles, which looks something like this:

变量 commentText 的数据类型是 String,包含带有内联样式的 HTML,看起来像这样:

<table>
   <tbody>
      <tr>
         <th>Change</th>
         <th>Module Name</th>
      </tr>
      <tr>
         <td style = 'color:orange'>Modified</td>
         <td>build_dood_vmss.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test2.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test3.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
   </tbody>
</table>

Checks API gives me a success statucode (201 Created) for this body, and the above table is published to checks tab of the PR. But the inline style attributes are somehow ignored and removed from the html. I have verified this by inspecting the published html on the PR from browser.

Checks API 返回给我一个成功的状态码 (201 Created) 用于此主体,上面的表格被发布到 PR 的检查选项卡中。但是内联样式属性在 HTML 中被忽略和移除了。我通过在浏览器中检查发布的 HTML 来进行了验证。

What do I have to do to retain the inline style attributes?
Please help

我需要做什么来保留内联样式属性?请帮忙。

英文:

I am using github's create check run api to create a check run for my PR.

I am passing the request body in the following structure:

{
    &quot;name&quot;       : name,
    &quot;head_sha&quot;   : script.env.CI_COMMIT_SHA,
    &quot;status&quot;     : status,
    &quot;details_url&quot;: detailsUrl,
    &quot;output&quot;     : {
            &quot;title&quot;  : title,
            &quot;summary&quot;: summary,
            &quot;text&quot;   : commentText
    }
}

The variable commentText is of datatype String containing html with inline styles, which looks something like this:

&lt;table&gt;
   &lt;tbody&gt;
      &lt;tr&gt;
         &lt;th&gt;Change&lt;/th&gt;
         &lt;th&gt;Module Name&lt;/th&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
         &lt;td style = &#39;color:orange&#39;&gt;Modified&lt;/td&gt;
         &lt;td&gt;build_dood_vmss.azurerm_linux_virtual_machine_scale_set.vmss&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
         &lt;td style = &#39;color:green&#39;&gt;Added&lt;/td&gt;
         &lt;td&gt;build_dood_vmss_test.azurerm_linux_virtual_machine_scale_set.vmss&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
         &lt;td style = &#39;color:green&#39;&gt;Added&lt;/td&gt;
         &lt;td&gt;build_dood_vmss_test2.azurerm_linux_virtual_machine_scale_set.vmss&lt;/td&gt;
      &lt;/tr&gt;
      &lt;tr&gt;
         &lt;td style = &#39;color:green&#39;&gt;Added&lt;/td&gt;
         &lt;td&gt;build_dood_vmss_test3.azurerm_linux_virtual_machine_scale_set.vmss&lt;/td&gt;
      &lt;/tr&gt;
   &lt;/tbody&gt;
&lt;/table&gt;

Checks API gives me a success statucode (201 Created) for this body, and the above table is published to checks tab of the PR. But the inline style attributes are somehow ignored and removed from the html. I have verified this by inspecting the published html on the PR from browser.

What do I have to do to retain the inline style attributes?
Please help

答案1

得分: 1

以下是翻译好的内容:

每一段来自GitHub上用户生成内容(HTML、Markdown、AsciiDoc等)的HTML都经过了清理。这个过程移除了所有的CSS和JavaScript,包括style属性,因此无法使CSS生效。

GitHub这样做的原因有三个。首先,CSS和JavaScript可能带来安全风险。尽管JavaScript的安全影响更为明显,但CSS仍然可以用来隐藏垃圾或不适当的内容,这些内容可能会被搜索引擎索引,而任意的CSS可能会修改或隐藏其他未来自用户生成内容的页面文本。

其次,GitHub必须考虑无障碍性。他们根据法律要求提供符合无障碍性要求的服务和网站,为了实现这一点,文本必须具有一定的大小和对比度,以及其他政策。允许任意颜色、大小或其他各种样式将使这变得难以实际实现。

最后,GitHub希望服务在使用的颜色方案不同的情况下也能吸引人、具有吸引力并且可用。允许用户设置颜色可能会导致在亮色模式下效果良好,但在暗色模式下无法使用,反之亦然。同样,将文本设置得非常小可能对我来说没有问题,但对我年纪较大、视力较差的朋友来说则不合适。而让用户选择大家都认为丑陋的颜色不会产生吸引人的外观。

英文:

Every piece of HTML that comes from user-generated content (HTML, Markdown, AsciiDoc, etc.) on GitHub is sanitized. That process removes all CSS and JavaScript, including style attributes, so there's no way to make the CSS work.

The reason GitHub does this is threefold. First, CSS and JavaScript can pose a security risk. Even though the security impact of JavaScript is more clear, CSS can still be used to hide spammy or inappropriate content which would be indexed by a search engine, and arbitrary CSS could modify or hide other page text that didn't come from the user-generated content.

Second, GitHub has to consider accessibility. They are required by law to provide a service and website which meet accessibility requirements, and in order to do that text must be of a certain size and have a certain contrast, among other policies. Allowing arbitrary colours and sizes or various other styles would make this difficult to practically achieve.

Finally, GitHub wants the service to be appealing, attractive, and usable regardless of the colour scheme in use. Allowing people to set colours might result in something that works great in light mode, but isn't usable in dark mode, or vice versa. Similarly, making text very small might work fine for me, but would not be suitable for an older friend of mine with poorer vision. And letting users pick colours which everyone agrees are hideous would not result in an attractive look.

huangapple
  • 本文由 发表于 2023年4月13日 21:22:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76005957.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定