mdjs-viewer

See Markdown JavaScript demos directly on github.com

什么是mdjs-viewer?

mdjs-viewer是由Thomas Allmer开发的Chrome扩展程序,该扩展的主要功能是“See Markdown JavaScript demos directly on github.com”。

扩展截图

screenshot
screenshot

下载mdjs-viewer扩展crx文件

下载mdjs-viewer扩展crx格式的文件,手动将Chrome插件安装到浏览器中,也可以将crx文件分享给朋友,轻松安装Chrome插件。

扩展使用说明

                        # Markdown JavaScript Viewer (mdjs-viewer)

[mdjs (Markdown JavaScript)](https://www.npmjs.com/package/@mdjs/core) allows to execute code and show interactive demos within your markdown documentation.

This extension takes this functionality and enables it directly on github.com.

You can see live demos in

- Github Markdown files (like README.md)
- Github Issues (incl. edit preview, new comment preview, new issue preview)
- ... more is planned but not yet implemented

## Security

Executing user code especially in github issues can be dangerous.
This extension isolates code executing as much as possible.
It can be considered as secure as any page that executes user code like codepen or jsfiddle.

The Security Measures are:

- not executing any code without user action (e.g. requires a click of a button first)
- shows demos/executes code within an iframe
  - that uses [sandbox](https://www.w3schools.com/tags/att_iframe_sandbox.asp) with the following settings `sandbox="allow-scripts"`
  - populates the iframe with a data uri
  - does not allow any requests (except unpkg) to got outside of the iframe

This prevents [all known attack vectors](https://github.com/open-wc/mdjs-viewer/issues/2). If you come up with new once please [report them](https://github.com/open-wc/mdjs-viewer/issues/new).

### Warning

In order to function this extension modifies the CSP (Content Security Policy) for github.com with the following rules:

- adds to script-src
  - `'unsafe-inline'` to execute code blocks within the mdjs iframe
  - `unpkg.com` to load user dependencies from within the mdjs iframe

## Demos

Enable the extension and visit the following pages

1. [Readme of demo-wc-card](https://github.com/daKmoR/demo-wc-card)
2. [Issues of demo-wc-card](https://github.com/daKmoR/demo-wc-card/issues/1)

## How does it work?

It adds a button `show demo ▹` to markdown pages and issues. Once you press it will get the raw md text which then gets pass though [mdjs](https://www.npmjs.com/package/@mdjs/core) and an extra plugin which replaces all imports (relative and bare imports) with [unpkg.com](https://unpkg.com/) urls with the `?module` flag. This way all dependencies can be directly loaded in the browser without the need of any service.

Finally we create an iframe with the content of the mdjs html and js output.

## Limits

In order to get the raw md content of an issues (only the first message not following comments) a request to api.github.com is required.
This request is only needed if you actually click on the `show demo ▹` button.
There is a hard limit of 60 anonymous api calls to github per hour.
For more an API key is needed. (You can not yet provide it to the extension 🙈 - feel free to open a feature request)                    

扩展基本信息

名称 mdjs-viewer mdjs-viewer
ID ifkkmomkjknligelmlcnakclabgohafe
官方URL https://chromewebstore.google.com/detail/mdjs-viewer/ifkkmomkjknligelmlcnakclabgohafe
简介 See Markdown JavaScript demos directly on github.com
文件大小 256 KB
安装次数 51
当前版本 0.0.4
更新时间 2020-04-03
上架时间 2020-04-03
开发者 Thomas Allmer
电子邮箱 [email protected]
付费类型 free
扩展官网 https://github.com/open-wc/mdjs-viewer
帮助页面URL https://github.com/open-wc/mdjs-viewer
支持的语言 en
manifest.json
{
    "update_url": "https:\/\/clients2.google.com\/service\/update2\/crx",
    "name": "mdjs-viewer",
    "description": "See Markdown JavaScript demos directly on github.com",
    "version": "0.0.4",
    "manifest_version": 2,
    "permissions": [
        "webRequest",
        "webRequestBlocking",
        "https:\/\/github.com\/*"
    ],
    "content_scripts": [
        {
            "matches": [
                "https:\/\/github.com\/*"
            ],
            "js": [
                "esm-loaders\/esm-loader-content.js"
            ]
        }
    ],
    "web_accessible_resources": [
        "src\/*.js",
        "deps\/*"
    ],
    "content_security_policy": "script-src 'self' 'unsafe-eval' unpkg.com; object-src 'self'",
    "background": {
        "page": "esm-loaders\/esm-loader-background.html",
        "persistent": true
    },
    "browser_action": {
        "default_title": "mdjs",
        "default_icon": {
            "16": "images\/favicon-16x16.png",
            "32": "images\/favicon-32x32.png",
            "192": "images\/android-chrome-192x192.png",
            "512": "images\/android-chrome-512x512.png"
        }
    }
}