refactor: use iframes for gist embedding instead of gist-embed

The used library gist-embed relies on GitHub Gist's JSONP endpoint which is a risk for XSS injection. By adding untrusted content from GitHub into the DOM it also follows very bad practises. Using the iframe embedding has the disadvantage of not having the proper height for the frame auto-loaded, but the security benefits are worth it. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-04-08 00:03:48 +02:00
parent d2585fbd3b
commit 0636b5c20b
6 changed files with 8 additions and 23 deletions
--- a/package.json
+++ b/package.json
@@ -167,7 +167,6 @@
    "file-saver": "2.0.5",
    "flowchart.js": "1.18.0",
    "fork-awesome": "1.2.0",
-    "gist-embed": "2.6.0",
    "globals": "16.0.0",
    "highlight.js": "10.7.3",
    "html-webpack-plugin": "4.5.2",