Baidu's javascript cdn is being Hack by national firewall, inject these JS attack script. If other webseit include some javascript library from Baidu's javascript CDN will automatically run JS script that will DDOS attack Github. The attack JS script is here:
Github notice that, it replace that DDOS http request respond with a alert("WARNING: malicious javascript detected on this domain").
That is why some Chinese guy gets a weird pop-up with English text when visiting Chinese websites.