PlantUML for GitHub

Tracking since May 15, 2026.

Changelog

• May 21, 2026
  description

  PlantUML for GitHub
  
  A Chrome extension that renders "plantuml" code blocks directly on GitHub pages, using the TeaVM-compiled PlantUML engine that runs entirely client-side.
  
  Hosted at https://github.com/plantuml/plantuml-for-github
  
  No server. No tokens. No tracking. Zero permissions.
  
  HOW IT WORKS
  
  1. The extension's content script scans every GitHub page for "plantuml" code blocks.
  2. Each block is replaced with a sandboxed "<iframe>" packaged inside the extension.
  3. The iframe loads the TeaVM-compiled "plantuml.js" engine and renders the diagram to SVG.
  4. The result is displayed inline in the page, inside a small wrapper with a header bar.
  5. The header bar shows a toggle button (top-left of the wrapper) that switches between the rendered diagram and the original PlantUML source. The source view uses GitHub's own syntax highlighting, so it looks exactly as it would without the extension installed.
  
  This is the same architecture GitHub already uses for Mermaid — proving that client-side PlantUML can be integrated natively with zero infrastructure cost.
  
  
  SECURITY AND PERMISSIONS
  
  The extension declares "zero Chrome permissions" (no host permissions, no
  storage, no tabs API). It only ships a content script scoped to github.com
  and a packaged renderer page.
  
  One thing worth calling out is the extension's Content Security Policy. The
  Manifest V3 default CSP for extension pages is essentially "script-src 'self'",
  which blocks WebAssembly. We need to relax it slightly to enable WebAssembly.
  
  Why? PlantUML renders sequence diagrams directly to SVG, but anything that
  needs graph layout — class, component, deployment, state, use-case, and
  activity diagrams — is laid out by the embedded Graphviz engine, which
  ships as a WebAssembly module (viz-global.js). Instantiating that module
  requires the 'wasm-unsafe-eval' CSP source.
  
  'wasm-unsafe-eval' is a narrowly scoped directive: despite the scary name,
  it ONLY allows WebAssembly compilation and instantiation. It does NOT
  re-enable "eval()" or "new Function()" — those remain blocked. No remote
  scripts can be loaded either; "script-src 'self'" still applies. Google
  documents this directive as the supported way to ship WASM in MV3 extensions.
  
  In short: the engine runs entirely inside a sandboxed iframe with an opaque
  origin, with no network access and no shared state with the host page.
  
  ROADMAP
  
  - [x] MVP: detect and render plantuml blocks
  - [ ] Firefox support (Manifest V3 is now supported in Firefox)
  - [ ] "Copy SVG" / "Copy source" buttons
  - [x] Theme matching (light/dark) — follows GitHub's color mode
  - [x] Support puml and wsd language aliases
  - [ ] Options page (toggle, performance settings)
  - [ ] Chrome Web Store publication
  
  WHY THIS EXTENSIONS EXISTS
  
  PlantUML support on GitHub has been requested for 4+ years: https://github.com/orgs/community/discussions/10111
  
  The main blocker was performance and infrastructure cost. With the TeaVM-compiled engine, that blocker no longer exists.
  This extension demonstrates that PlantUML can run natively on GitHub.com with zero server-side changes — using the exact same sandbox pattern GitHub uses for Mermaid.
  
  If you'd like to see this integrated natively, please upvote the discussion: https://github.com/orgs/community/discussions/10111
  
  
  PRIVACY
  
  Zero permissions. Zero tracking. Zero network requests.
  Everything runs locally in a sandboxed iframe.
  
  LINKS
  
  Source code: https://github.com/plantuml/plantuml-for-github
  Discussion:  https://github.com/orgs/community/discussions/10111
  
  
  LICENSE: MIT

  PlantUML for GitHub
  
  A Chrome extension that renders "plantuml" code blocks directly on GitHub pages, using the TeaVM-compiled PlantUML engine that runs entirely client-side.
  
  Hosted at https://github.com/plantuml/plantuml-for-github
  
  No server. No tokens. No tracking. Zero permissions.
  
  HOW IT WORKS
  
  1. The extension's content script scans every GitHub page for "plantuml" code blocks.
  2. Each block is replaced with a sandboxed "<iframe>" packaged inside the extension.
  3. The iframe loads the TeaVM-compiled "plantuml.js" engine and renders the diagram to SVG.
  4. The result is displayed inline in the page, inside a small wrapper with a header bar.
  5. The header bar shows a toggle button (top-left of the wrapper) that switches between the rendered diagram and the original PlantUML source. The source view uses GitHub's own syntax highlighting, so it looks exactly as it would without the extension installed.
  
  This is the same architecture GitHub already uses for Mermaid — proving that client-side PlantUML can be integrated natively with zero infrastructure cost.
  
  
  SECURITY AND PERMISSIONS
  
  Minimal Permissions: It requires no host permissions, storage, or tabs API. The only declared permission is clipboardWrite, which is strictly used to power the user-triggered "Copy as Bitmap" button, allowing the generated diagram to be copied directly to the clipboard.
  
  One thing worth calling out is the extension's Content Security Policy. The
  Manifest V3 default CSP for extension pages is essentially "script-src 'self'",
  which blocks WebAssembly. We need to relax it slightly to enable WebAssembly.
  
  Why? PlantUML renders sequence diagrams directly to SVG, but anything that
  needs graph layout — class, component, deployment, state, use-case, and
  activity diagrams — is laid out by the embedded Graphviz engine, which
  ships as a WebAssembly module (viz-global.js). Instantiating that module
  requires the 'wasm-unsafe-eval' CSP source.
  
  'wasm-unsafe-eval' is a narrowly scoped directive: despite the scary name,
  it ONLY allows WebAssembly compilation and instantiation. It does NOT
  re-enable "eval()" or "new Function()" — those remain blocked. No remote
  scripts can be loaded either; "script-src 'self'" still applies. Google
  documents this directive as the supported way to ship WASM in MV3 extensions.
  
  In short: the engine runs entirely inside a sandboxed iframe with an opaque
  origin, with no network access and no shared state with the host page.
  
  ROADMAP
  
  - [x] MVP: detect and render plantuml blocks
  - [x] Firefox support (Manifest V3 is now supported in Firefox)
  - [x] "Copy as Bitmap" buttons
  - [x] Theme matching (light/dark) — follows GitHub's color mode
  - [x] Support puml and wsd language aliases
  - [ ] Options page (toggle, performance settings)
  - [x] Chrome Web Store publication
  
  WHY THIS EXTENSIONS EXISTS
  
  PlantUML support on GitHub has been requested for 4+ years: https://github.com/orgs/community/discussions/10111
  
  The main blocker was performance and infrastructure cost. With the TeaVM-compiled engine, that blocker no longer exists.
  This extension demonstrates that PlantUML can run natively on GitHub.com with zero server-side changes — using the exact same sandbox pattern GitHub uses for Mermaid.
  
  If you'd like to see this integrated natively, please upvote the discussion: https://github.com/orgs/community/discussions/10111
  
  
  PRIVACY
  
  Zero permissions. Zero tracking. Zero network requests.
  Everything runs locally in a sandboxed iframe.
  
  LINKS
  
  Source code: https://github.com/plantuml/plantuml-for-github
  Discussion:  https://github.com/orgs/community/discussions/10111
  
  
  LICENSE: MIT

• May 21, 2026
  permissions

  (empty)

  clipboardWrite

Permissions & access

Permissions

clipboardWrite

Host access

None declared

Screenshots