Allowing javascript from third parties directly on a website has huge XSS attacks implications. Someone could use javascript code for example to grab the cookies associated to any visitor's github accounts and forward them to a malicious entity.

直接在网站上允许来自第三方的 javascript 具有巨大的 XSS 攻击影响。例如，有人可以使用 javascript 代码获取与任何访问者的 github 帐户相关联的 cookie，并将其转发给恶意实体。

There's also the nuisance potential, as having access to javascript means having access to the CPU of the visitor and being able to do things like pop-ups or blinking text.

还有潜在的麻烦，因为访问 javascript 意味着可以访问访问者的 CPU 并能够执行诸如弹出窗口或闪烁文本之类的操作。

As such it's natural that javascript isn't supported in READMEs. Markdown mayhave a way of doing it, but it'll never be allowed on a website like GitHub.

因此，自述文件中不支持 javascript 是很自然的。Markdown可能有办法做到这一点，但它永远不会在像 GitHub 这样的网站上被允许。

However, you can do it on your project's github page, if you have one, since it doesn't belong to the main github website and the domain is not the same.

但是，您可以在项目的github 页面上执行此操作，如果您有的话，因为它不属于主要 github 网站并且域也不相同。

As a follow up to coyotte508's answer (sorry, not enough points to reply directly):

作为coyotte508的回答的后续（抱歉，积分不够直接回复）：

If Github were to enable such a feature they could use iFrames as an effective measure against XSS in the same way ReadTheDocs does.

如果 Github 启用这样的功能，他们可以像 ReadTheDocs 一样使用 iFrames 作为对抗 XSS 的有效措施。

EDIT: Also you might want to check out readthedocs.org as an alternative to a Github README.md. They support embedding javascript in rst files.

编辑：您也可能想查看 readthedocs.org 作为 Github README.md 的替代品。它们支持在 rst 文件中嵌入 javascript。