hackmdio / hackmd-io-issues

Reporting issues about HackMD Enterprise Edition and HackMD.io

Book mode: Assume target=_blank when frame-ancestors keeps the content from loading #98

Open patcon opened 5 years ago

patcon commented 5 years ago

I've created a demo book demonstrating the issue with links to websites like GitHub. GitHub uses the CSP frame-ancestors 'none' (docs), which prevents the browser from showing it. This results in a blank page and this error in console:

Refused to display 'https://github.com/hyphacoop/organizing/blob/master/2019-06-05-all-hands-meeting.md' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

Feeling like maybe it's possible to detect this and open in a new tab. I understand that it might NOT be possible to show the proper "new tab" icon with this method, but perhaps an open source repo with a whitelist of domains could allow users to keep a manual list up-to-date, which HackMD could use to know the CSP in advance. Also, the whitelist could just be a list of test urls/domains, and a script could run nightly to determine the policy on its pages.

Anyhow, thanks for the tool, and any consideration! 🙌
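Added example, not code from this thread and not HackMD's own implementation: the detection the report asks for boils down to reading the target page's `Content-Security-Policy: frame-ancestors` directive (and the older `X-Frame-Options` header) and deciding per link whether it can be framed by the Book-mode origin or must get `target=_blank`. The header values, hostnames like `hackmd.example` and `docs.example`, and the `SAMPLE_RESPONSES` table below are constructed for the example; the first entry mirrors the console error quoted above, but its headers are made up here.

```javascript
// Added example (not HackMD's code and not from this thread): decide whether a
// Book-mode link target may be loaded in an iframe by a given ancestor origin,
// by reading the target's Content-Security-Policy frame-ancestors directive
// (and the legacy X-Frame-Options header). If it cannot, fall back to
// target=_blank. All header values below are constructed samples.

// Parse a CSP header string into a Map of directive name -> source-expression list.
// Per the CSP spec, the first occurrence of a directive wins; later ones are ignored.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Simplified frame-ancestors source matching: 'none', 'self', '*', scheme-only
// sources ("https:") and host sources with optional scheme and "*." wildcard.
// Path components are ignored; this is enough for a link-target decision.
function sourceMatches(source, ancestorUrl, targetUrl) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestorUrl.origin === targetUrl.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestorUrl.protocol === s;
  let scheme = null;
  let host = s;
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.+)$/);
  if (m) {
    scheme = m[1] + ':';
    host = m[2];
  }
  host = host.replace(/\/.*$/, '');
  if (scheme && ancestorUrl.protocol !== scheme) return false;
  // '*.example' matches 'a.example' but not 'example' itself.
  if (host.startsWith('*.')) return ancestorUrl.hostname.endsWith(host.slice(1));
  return ancestorUrl.host === host || ancestorUrl.hostname === host;
}

// Return 'frame' if `targetUrl` may be embedded by `ancestorOrigin`, else 'new-tab'.
// `headers` is a plain object keyed by lower-case header name.
function linkTargetFor(headers, targetUrl, ancestorOrigin) {
  const target = new URL(targetUrl);
  const ancestor = new URL(ancestorOrigin);
  const csp = headers['content-security-policy'];
  if (csp) {
    const ancestors = parseCsp(csp).get('frame-ancestors');
    if (ancestors) {
      // When frame-ancestors is present it takes precedence over X-Frame-Options.
      // An empty source list behaves like 'none'.
      return ancestors.some((src) => sourceMatches(src, ancestor, target)) ? 'frame' : 'new-tab';
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'new-tab';
  if (xfo === 'SAMEORIGIN') return ancestor.origin === target.origin ? 'frame' : 'new-tab';
  return 'frame'; // no framing restriction advertised
}

// Constructed sample responses. The first URL is the one from the console error in
// the issue; its headers (and all the others) are made up for this example.
const SAMPLE_RESPONSES = {
  'https://github.com/hyphacoop/organizing/blob/master/2019-06-05-all-hands-meeting.md': {
    'content-security-policy': "default-src 'none'; frame-ancestors 'none'",
  },
  'https://docs.example/page': {
    'content-security-policy': "frame-ancestors 'self' https://*.hackmd.example",
  },
  'https://legacy.example/page': { 'x-frame-options': 'SAMEORIGIN' },
  'https://open.example/page': {},
};

// What the nightly job suggested in the issue would produce: a url -> 'frame' | 'new-tab'
// map for a given Book-mode origin, which the renderer can consult when emitting links.
function buildTargetMap(ancestorOrigin, responses = SAMPLE_RESPONSES) {
  const out = {};
  for (const [url, headers] of Object.entries(responses)) {
    out[url] = linkTargetFor(headers, url, ancestorOrigin);
  }
  return out;
}

// Live probe for that nightly job (Node 18+ global fetch); not exercised offline.
async function probeTarget(url, ancestorOrigin) {
  const res = await fetch(url, { redirect: 'follow' });
  return linkTargetFor(
    {
      'content-security-policy': res.headers.get('content-security-policy') || '',
      'x-frame-options': res.headers.get('x-frame-options') || '',
    },
    res.url || url, // classify the final URL after redirects, not the one we started with
    ancestorOrigin,
  );
}
```

The decision is made against the response headers, not the URL, so a domain whitelist only needs to hold test URLs: `probeTarget` follows redirects and classifies the final page, and `buildTargetMap` turns the results into the lookup the Book renderer would use to pick between an iframe and `target=_blank`.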

jackycute commented 5 years ago

Hi @patcon thanks for reporting to us, we just noticed that as well. Will try to fix this soon!

patcon commented 5 years ago

Also, if you feel that this is a new change and overbearing (imposing on valid use-cases like yours), please do consider reaching out to GitHub support!

Also, I've found a good tactic is to write my feedback in public in the unofficial isaacs/github repository, and then simply link my private email to that page. I feel it's a tactic that keeps feedback public and allows shows of public support that private ticketing systems can't offer <3