Plantuml For Github
View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
PlantUML for GitHub
A Chrome extension that renders "plantuml" code blocks directly on GitHub pages, using the TeaVM-compiled PlantUML engine that runs entirely client-side.
Hosted at https://github.com/plantuml/plantuml-for-github
No server. No tokens. No tracking. Zero permissions.
HOW IT WORKS
1. The extension's content script scans every GitHub page for "plantuml" code blocks.
2. Each block is replaced with a sandboxed "<iframe>" packaged inside the extension.
3. The iframe loads the TeaVM-compiled "plantuml.js" engine and renders the diagram to SVG.
4. The result is displayed inline in the page, inside a small wrapper with a header bar.
5. The header bar shows a toggle button (top-left of the wrapper) that switches between the rendered diagram and the original PlantUML source. The source view uses GitHub's own syntax highlighting, so it looks exactly as it would without the extension installed.
This is the same architecture GitHub already uses for Mermaid — proving that client-side PlantUML can be integrated natively with zero infrastructure cost.
SECURITY AND PERMISSIONS
Minimal Permissions: It requires no host permissions, storage, or tabs API. The only declared permission is clipboardWrite, which is strictly used to power the user-triggered "Copy as Bitmap" button, allowing the generated diagram to be copied directly to the clipboard.
One thing worth calling out is the extension's Content Security Policy. The
Manifest V3 default CSP for extension pages is essentially "script-src 'self'",
which blocks WebAssembly. We need to relax it slightly to enable WebAssembly.
Why? PlantUML renders sequence diagrams directly to SVG, but anything that
needs graph layout — class, component, deployment, state, use-case, and
activity diagrams — is laid out by the embedded Graphviz engine, which
ships as a WebAssembly module (viz-global.js). Instantiating that module
requires the 'wasm-unsafe-eval' CSP source.
'wasm-unsafe-eval' is a narrowly scoped directive: despite the scary name,
it ONLY allows WebAssembly compilation and instantiation. It does NOT
re-enable "eval()" or "new Function()" — those remain blocked. No remote
scripts can be loaded either; "script-src 'self'" still applies. Google
documents this directive as the supported way to ship WASM in MV3 extensions.
In short: the engine runs entirely inside a sandboxed iframe with an opaque
origin, with no network access and no shared state with the host page.
ROADMAP
- [x] MVP: detect and render plantuml blocks
- [x] Firefox support (Manifest V3 is now supported in Firefox)
- [x] "Copy as Bitmap" buttons
- [x] Theme matching (light/dark) — follows GitHub's color mode
- [x] Support puml and wsd language aliases
- [ ] Options page (toggle, performance settings)
- [x] Chrome Web Store publication
WHY THIS EXTENSIONS EXISTS
PlantUML support on GitHub has been requested for 4+ years: https://github.com/orgs/community/discussions/10111
The main blocker was performance and infrastructure cost. With the TeaVM-compiled engine, that blocker no longer exists.
This extension demonstrates that PlantUML can run natively on GitHub.com with zero server-side changes — using the exact same sandbox pattern GitHub uses for Mermaid.
If you'd like to see this integrated natively, please upvote the discussion: https://github.com/orgs/community/discussions/10111
PRIVACY
Zero permissions. Zero tracking. Zero network requests.
Everything runs locally in a sandboxed iframe.
LINKS
Source code: https://github.com/plantuml/plantuml-for-github
Discussion: https://github.com/orgs/community/discussions/10111
LICENSE: MIT
Tags
Privacy Practices
🔐 Security Analysis
This extension hasn't been security-scanned yet.