
GitHub Checks API is ignoring style attributes when HTML is passed as comment text


I am using GitHub's create check run API to create a check run for my PR.

I am passing the request body in the following structure:

{
    "name"       : name,
    "head_sha"   : script.env.CI_COMMIT_SHA,
    "status"     : status,
    "details_url": detailsUrl,
    "output"     : {
            "title"  : title,
            "summary": summary,
            "text"   : commentText
    }
}

The variable commentText is of datatype String containing html with inline styles, which looks something like this:

<table>
   <tbody>
      <tr>
         <th>Change</th>
         <th>Module Name</th>
      </tr>
      <tr>
         <td style = 'color:orange'>Modified</td>
         <td>build_dood_vmss.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test2.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
      <tr>
         <td style = 'color:green'>Added</td>
         <td>build_dood_vmss_test3.azurerm_linux_virtual_machine_scale_set.vmss</td>
      </tr>
   </tbody>
</table>

The Checks API gives me a success status code (201 Created) for this body, and the above table is published to the Checks tab of the PR. But the inline style attributes are somehow ignored and removed from the HTML. I have verified this by inspecting the published HTML on the PR from the browser.

What do I have to do to retain the inline style attributes? Please help.


Solution

  • Every piece of HTML that comes from user-generated content (HTML, Markdown, AsciiDoc, etc.) on GitHub is sanitized. That process removes all CSS and JavaScript, including style attributes, so there's no way to make the CSS work.

    The reason GitHub does this is threefold. First, CSS and JavaScript can pose a security risk. Even though the security impact of JavaScript is more clear, CSS can still be used to hide spammy or inappropriate content which would be indexed by a search engine, and arbitrary CSS could modify or hide other page text that didn't come from the user-generated content.

    Second, GitHub has to consider accessibility. They are required by law to provide a service and website which meet accessibility requirements, and in order to do that text must be of a certain size and have a certain contrast, among other policies. Allowing arbitrary colours and sizes or various other styles would make this difficult to practically achieve.

    Finally, GitHub wants the service to be appealing, attractive, and usable regardless of the colour scheme in use. Allowing people to set colours might result in something that works great in light mode, but isn't usable in dark mode, or vice versa. Similarly, making text very small might work fine for me, but would not be suitable for an older friend of mine with poorer vision. And letting users pick colours which everyone agrees are hideous would not result in an attractive look.
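
An added example, not part of the original answer and not GitHub's actual sanitizer: a minimal allowlist-based HTML sanitizer showing why a `style` attribute on an otherwise permitted `<td>` disappears while the table itself survives. The allowlists and the `sanitize` helper are assumptions chosen for illustration; the sample input is constructed from the question's table.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration only; a production list is larger.
ALLOWED_TAGS = {"table", "tbody", "thead", "tr", "th", "td", "b", "i", "code", "p"}
ALLOWED_ATTRS = {"align", "colspan", "rowspan"}   # note: no style, no on* handlers
DROP_WITH_CONTENT = {"script", "style"}           # element and its text are discarded

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized output fragments
        self.removed = []      # audit trail of everything stripped
        self.skip_depth = 0    # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            self.removed.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS:
                kept.append(f' {name}="{escape(value or "", quote=True)}"')
            else:
                self.removed.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # re-encode text nodes

def sanitize(html_text):
    """Return (sanitized_html, list_of_removed_items)."""
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample modelled on the question's check-run text.
SAMPLE = ("<table><tr><td style = 'color:orange' onclick='x()'>Modified</td>"
          "<td colspan='2'>a &amp; b</td></tr></table><script>alert(1)</script>")
```

Because the filter keeps only what is explicitly allowed, the API call still succeeds with 201 and the table renders; the unlisted attributes are dropped silently rather than rejected.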