Refused to load the image 'https://pbs.twimg.com/profile_images/809025702196609024/yoUKPJet_bigger.jpg' because it violates the following Content Security Policy directive: "img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com".
I was playing a little with this
Some restrictions in gitcoin injection
But it looks like the CDN they use for Markdown files in README files works, so something like this can be injected.
But it is not good to make it dynamic, so the other option, and I think the best, is base64 images from the repo, because we also have CORS in our CDN. In this code I fetch the SVG and transform it to a base64 image; since the images are complex, we should limit it to showing only a few.
https://jsbin.com/zugifig/2/edit?html,js,output
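Added example, not part of the original comment or the project's code: a simplified matcher for the `img-src` directive quoted in the error above, showing why the twimg.com URL is refused while a base64 `data:` image and a `*.githubusercontent.com` host pass. The function names, the `cdn-example` host and the use of Node's `Buffer` are assumptions; the page is assumed to be served from `https://github.com`.

```javascript
// Added example: simplified img-src matcher for the directive in the error message.
// Handles 'self', scheme sources, exact hosts and leading-wildcard hosts only
// (no ports, paths, nonces or hashes). Assumes the protected page is HTTPS.
const IMG_SRC =
  "'self' data: assets-cdn.github.com identicons.github.com " +
  "collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com";

function imgSrcAllows(url, pageOrigin, policy = IMG_SRC) {
  const target = new URL(url);
  return policy.split(/\s+/).some((source) => {
    if (source === "'self'") return target.origin === pageOrigin;
    // Scheme source such as "data:" matches on the URL scheme alone.
    if (source.endsWith(":")) return target.protocol === source;
    // Host sources without a scheme only match the page's (secure) scheme.
    if (target.protocol !== "https:") return false;
    // "*.example.com" matches subdomains, not the bare domain itself.
    if (source.startsWith("*.")) return target.hostname.endsWith(source.slice(1));
    return target.hostname === source;
  });
}

// Inline an SVG as a base64 data: URI (Node's Buffer; a browser would use btoa).
function svgToDataUri(svgText) {
  const b64 = Buffer.from(svgText, "utf8").toString("base64");
  return `data:image/svg+xml;base64,${b64}`;
}

// Constructed sample inputs; only the first URL comes from the error message.
const PAGE = "https://github.com";
const samples = [
  "https://pbs.twimg.com/profile_images/809025702196609024/yoUKPJet_bigger.jpg",
  "https://cdn-example.githubusercontent.com/constructed/image.svg",
  "https://githubusercontent.com/constructed/image.svg",
  svgToDataUri('<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8"/>'),
];

function report(urls = samples) {
  return urls.map((u) => ({ url: u.slice(0, 60), allowed: imgSrcAllows(u, PAGE) }));
}

console.table(report());
```

Because `data:` is allowed for every page covered by this policy, the check that matters on the injecting side is where the SVG bytes come from before they are encoded.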