v1.2.0
Release date: 2021-11-25 01:43:41
Latest release of mikitex70/redmine_drawio: v1.4.8 (2023-10-23 00:28:02)
Diagrams in SVG format can introduce XSS security issues, as they can contain JavaScript.
This version adds a plugin setting that chooses how SVG images are displayed:
- if svg is disabled, they are rendered as a base64 svg (hyperlinks not working)
- if svg is enabled, they are rendered as inline svg, but they are vulnerable to XSS issues (mitigated, but not eliminated)
See the README.md for more details.
Many thanks to @maudov for pointing me to this important issue.
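
The two display modes contrasted in Ruby, as an added example that is not the plugin's own code. `svg_as_img_tag`, `active_content` and `render` are hypothetical names, the sample SVG is constructed, and the check covers only three well-known script carriers, so it reduces the inline risk without eliminating it.

```ruby
require 'rexml/document'

# Constructed sample diagram: one <script>, one event handler, one
# javascript: link and one ordinary hyperlink.
SAMPLE_SVG = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
    <script>init = function () {};</script>
    <a xlink:href="javascript:void(0)"><rect width="10" height="10"/></a>
    <a xlink:href="https://example.org/wiki"><text>docs</text></a>
  </svg>
SVG

# "svg disabled" style: embed the diagram as a base64 data URI in <img>.
# Browsers treat an SVG loaded through <img> as a static image, so scripts
# do not run and hyperlinks are not clickable.
def svg_as_img_tag(svg)
  %(<img src="data:image/svg+xml;base64,#{[svg].pack('m0')}" alt="diagram"/>)
end

# List constructs that can run script once the SVG is placed inline.
# Illustrative only: this is not an exhaustive sanitizer.
def active_content(svg)
  findings = []
  REXML::Document.new(svg).each_recursive do |el|
    findings << "<#{el.name}> element" if el.name.downcase == 'script'
    el.attributes.each_attribute do |attr|
      name = attr.name.downcase # local name, so xlink:href becomes "href"
      value = attr.value.gsub(/[\s\x00-\x1f]/, '').downcase
      findings << "#{name} handler on <#{el.name}>" if name.start_with?('on')
      findings << "javascript: URL on <#{el.name}>" if name == 'href' && value.start_with?('javascript:')
    end
  end
  findings
end

# Hypothetical policy on top of the setting: with svg enabled, inline only
# diagrams that produce no findings; everything else goes through <img>.
def render(svg, svg_enabled:)
  return svg_as_img_tag(svg) unless svg_enabled
  active_content(svg).empty? ? svg : svg_as_img_tag(svg)
end
```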