PlantUML for GitHub

Renders plantuml code blocks directly on GitHub pages using the client-side TeaVM-compiled PlantUML engine.

PlantUML for GitHub A Chrome extension that renders "plantuml" code blocks directly on GitHub pages, using the TeaVM-compiled PlantUML engine that runs entirely client-side. Hosted at https://github.com/plantuml/plantuml-for-github No server. No tokens. No tracking. Zero permissions. HOW IT WORKS 1. The extension's content script scans every GitHub page for "plantuml" code blocks. 2. Each block is replaced with a sandboxed "<iframe>" packaged inside the extension. 3. The iframe loads the TeaVM-compiled "plantuml.js" engine and renders the diagram to SVG. 4. The result is displayed inline in the page, inside a small wrapper with a header bar. 5. The header bar shows a toggle button (top-left of the wrapper) that switches between the rendered diagram and the original PlantUML source. The source view uses GitHub's own syntax highlighting, so it looks exactly as it would without the extension installed. This is the same architecture GitHub already uses for Mermaid — proving that client-side PlantUML can be integrated natively with zero infrastructure cost. SECURITY AND PERMISSIONS The extension declares "zero Chrome permissions" (no host permissions, no storage, no tabs API). It only ships a content script scoped to github.com and a packaged renderer page. One thing worth calling out is the extension's Content Security Policy. The Manifest V3 default CSP for extension pages is essentially "script-src 'self'", which blocks WebAssembly. We need to relax it slightly to enable WebAssembly. Why? PlantUML renders sequence diagrams directly to SVG, but anything that needs graph layout — class, component, deployment, state, use-case, and activity diagrams — is laid out by the embedded Graphviz engine, which ships as a WebAssembly module (viz-global.js). Instantiating that module requires the 'wasm-unsafe-eval' CSP source. 'wasm-unsafe-eval' is a narrowly scoped directive: despite the scary name, it ONLY allows WebAssembly compilation and instantiation. It does NOT re-enable "eval()" or "new Function()" — those remain blocked. No remote scripts can be loaded either; "script-src 'self'" still applies. Google documents this directive as the supported way to ship WASM in MV3 extensions. In short: the engine runs entirely inside a sandboxed iframe with an opaque origin, with no network access and no shared state with the host page. ROADMAP - [x] MVP: detect and render plantuml blocks - [ ] Firefox support (Manifest V3 is now supported in Firefox) - [ ] "Copy SVG" / "Copy source" buttons - [x] Theme matching (light/dark) — follows GitHub's color mode - [x] Support puml and wsd language aliases - [ ] Options page (toggle, performance settings) - [ ] Chrome Web Store publication WHY THIS EXTENSIONS EXISTS PlantUML support on GitHub has been requested for 4+ years: https://github.com/orgs/community/discussions/10111 The main blocker was performance and infrastructure cost. With the TeaVM-compiled engine, that blocker no longer exists. This extension demonstrates that PlantUML can run natively on GitHub.com with zero server-side changes — using the exact same sandbox pattern GitHub uses for Mermaid. If you'd like to see this integrated natively, please upvote the discussion: https://github.com/orgs/community/discussions/10111 PRIVACY Zero permissions. Zero tracking. Zero network requests. Everything runs locally in a sandboxed iframe. LINKS Source code: https://github.com/plantuml/plantuml-for-github Discussion: https://github.com/orgs/community/discussions/10111 LICENSE: MIT