Nov 5 2020
Jun 30 2016
Jun 29 2016
Just FYI: I've opened a request at draw.io's support site and asked them to join this discussion. The ticket itself is private so I can't provide a link, but I'll keep you posted.
@RobLa-WMF, I completely unterstand that you're having security concerns, although I think they're only valid for wiki installations with untrusted users. In a closed setup where only trusted people can upload, these concerns may be a minimal risk or even a non-issue, and the minimal checks you currently do (i.e. no iframe) may be more than good enough. In fact I've originally created the extension for such an environment.