v1.0.17

v1.0.17

Inline Visualizer v2.0.0

Added

• Live streaming renderer. The tool mounts an empty wrapper and the model emits HTML/SVG between plain-text @@@VIZ-START / @@@VIZ-END markers in its response. A same-origin iframe observer tails the parent chat DOM and paints content into the iframe as tokens arrive. First elements render within ~50ms of the opening marker.
• Safe-cut HTML parser. Tracks the HTML tokenizer state across TEXT / TAG / ATTR / script-data-escape / CDATA transitions, flushing the longest valid prefix on each chunk. Lets the reconciler render partial markup (<svg><rect/><g> renders mid-stream) without breaking on unclosed tags.
• Incremental rendering. Parses each safe-cut into a detached tree and walks in parallel with the live tree, appending only new nodes. Existing element nodes never re-mount — animations don't retrigger, scroll position holds, zero flicker.
• Streaming fade-in animation. Newly-complete elements fade in (500ms ease-out) as the reconciler appends them.
• Script execution chain. External <script src> and inline scripts serialized through a Promise chain. Inline consumers await onload of every previously-queued external script. Chart, d3, vega-embed etc. are guaranteed defined before consumer code runs.
• FNV-1a content-hashed script dedup. Reconciler branches that hit the same script body across different tree shapes execute it only once — prevents redeclared consts, rebound classes, and double-wired listeners.
• Six new JS bridges.
  • sendPrompt(text) — submits text as a user message in the chat. Turns any node into a conversational drill-down.
  • openLink(url) — opens url in a new tab (bypasses iframe sandbox weirdness on anchor clicks).
  • copyText(text[, silent]) — async Clipboard API with execCommand('copy') fallback for sandboxed iframes. Fires a localized "Copied" toast automatically unless silent=true.
  • toast(msg, kind) — top-right auto-dismissing banner. kind: success (default) / info / warn / error. Stacks vertically on rapid firing, dismisses after ~2.2s.
  • saveState(key, value) — parent.localStorage proxy scoped to the assistant message ID. JSON-serialized.
  • loadState(key, fallback) — reads what saveState wrote. Silent no-op / returns fallback if localStorage is blocked.
• Done toast + optional chime. Localized "Visualization ready" toast fires in the top-right on finalize; a soft three-note C-major arpeggio plays on Web Audio sine oscillators. Only fires on witnessed live streams — rehydrated/refreshed completed messages stay silent.
• chime valve. Off-switchable. When disabled, the chime script is stripped from the iframe entirely rather than shipped as a silent no-op (~1KB saved per visualization).
• Full localization coverage. 230 translated strings across 46 languages — download tooltip, loader label, "Copied" toast, "Visualization ready" toast, "Streaming visualization unavailable" notice. Auto-detected from <html data-iv-lang> (baked server-side via __event_call__), parent localStorage.locale, and navigator.language.
• 9-ramp color system. Purple / teal / coral / pink / gray / blue / green / amber / red — each with fill / stroke / text variants that auto-swap for light/dark mode via .c-{ramp} classes on <g> elements.
• SVG utility classes. .t / .ts / .th text, .box / .node / .arr / .leader shapes. Injected with every iframe.
• Theme CSS variable aliases. Dozens of alias tokens (--bg, --fg, --surface, --border, --primary, --accent, …) catch hallucinated variable names so models that hardcode common names get correct theme behavior instead of broken styling.
• Auto theme detection. Detects parent document theme via class, data-theme, or colorScheme. MutationObserver tracks live theme changes and re-themes Chart.js instances on switch. Falls back to prefers-color-scheme when same-origin access is unavailable.
• Loader indicator. Three pulsing dots + localized "Rendering visualization…" label, displayed below the render area until the first content chunk arrives or finalize fires.
• Download-as-HTML button. Top-right button exports the rendered visualization as a self-contained .html file. Handles iOS / iPadOS edge cases (deferred click, PWA back-button preservation, 60s "Load failed" error suppression).
• Height auto-reporting. Reports iframe content height to parent via postMessage. Handles <details> toggles, dynamic content swaps, and SVG viewBox overflow. Loop-guarded to stop after 3+ consecutive small monotonic increases.
• Axis label de-overlap. Post-render walker detects dense rows of SVG axis labels and staggers every other one by 18px if they overlap. Opt-out via data-no-stagger on the <svg>.
• Print handler for Chart.js canvases. beforeprint/afterprint listeners mutate and restore inline canvas styles that CSS max-width can't override in Chrome's print engine.
• 30-second idle-finalize fallback. If @@@VIZ-END never arrives (user stopped generation / model forgot to close the block / network died), finalize fires after 30s of completely stable source text. Window is deliberately longer than any realistic inter-chunk stall.

v1.0.16

v1.0.16

Inline Visualizer v1.5.0

Added

• HTML download button — small download icon in the top-right corner of every visualization. Click to save the visualization as a self-contained HTML file that can be opened in any browser and printed to PDF. The download button is automatically removed from the saved file for a clean output.
• Localized download tooltip — detected via Open WebUI's locale settings using __event_call__ execute(). Falls back to browser language for standalone HTML files. Supports 45 languages.
• Print-friendly exported HTML — downloaded files include @media print styles and a beforeprint JS handler that scales Chart.js canvases to fit the page width. Works in both portrait and landscape without manual zoom adjustment.
• data-no-stagger opt-out — add data-no-stagger to any <svg> element to disable the automatic axis-label overlap fix for that diagram.
• <title> tag — rendered documents now include a <title> based on the visualization title, giving downloaded files meaningful browser tab names and default filenames.

Changed

• render_visualization is now async — uses __event_call__ to detect the user's UI language before building the HTML. Per Open WebUI best practices for tools.
• Tightened security-level documentation — developer reference, class docstring, and valve description now accurately state that scripts are always allowed (required for Chart.js/D3), strict mode blocks outbound fetch/XHR (not all script execution), and URL parameter stripping is query-only hygiene, not a hard exfiltration control.
• _sanitize_content hardened — wrapper tags (<!DOCTYPE>, <html>, <head>, <body>, <meta>) are now only stripped at document start/end boundaries, not globally. Identical tokens inside JS strings or template literals are preserved.

Fixed

• iOS download handling — blob downloads on iOS use setTimeout(0) deferral with window.onerror and unhandledrejection suppression for the "Load failed" TypeError. target="_blank" is never set on iOS to prevent PWA navigation lock.
• safe_lang locale parsing — zh-CN now correctly resolves to zh instead of zhcn by splitting on - before stripping non-alpha characters.
• Filename length cap — download filenames are capped at 200 characters to stay within the Windows 255-char filesystem limit.
• JS syntax error from \n in Python string — '<!DOCTYPE html>\n' in a Python triple-quoted string was output as a literal newline inside a JS single-quoted string, causing a SyntaxError that broke the entire script block.

v1.0.15

v1.0.15

Inline Visualizer v1.4.3

Added

• Added a MutationObserver (childList + subtree) to re-trigger iframe height measurement when AI-generated SPAs swap page content via innerHTML, fixing the issue where the iframe height was measured once on load and never updated during navigation.
• Even stronger language for preventing the AI of repeating HTML code after calling the tool

v1.0.14

v1.0.14

Inline Visualizer v1.4.2

Added

• Added MORE defensive guards against common AI-generated HTML issues: a feedback-loop detector that stops iframe height from growing infinitely and CSS variable aliases preventing dark-mode-only fallback colors from rendering in light mode.

v1.0.13

v1.0.13

Inline Visualizer v1.4.1

Added

• Added defensive guards against common AI-generated HTML issues: a feedback-loop detector that stops iframe height from growing infinitely when content uses viewport-relative units like 100vh, and CSS variable aliases (--foreground, --surface-1, --muted-foreground, --border, etc.) that map hallucinated shadcn/Tailwind variable names to the real design system, preventing dark-mode-only fallback colors from rendering in light mode.

v1.0.12

v1.0.12

MCP App Bridge v0.5.0

Added

• Sends prompt together with Rich UI back to the AI model to steer chat behaviour better

Inline Visualizer v1.4.0

Added

• Sends prompt together with Rich UI back to the AI model to steer chat behaviour better

v1.0.11

v1.0.11

MCP App Bridge v0.4.2

Added

• Further improvements to the tool prompts for the model to more intuitively use the tools available.

v1.0.10

v1.0.10

MCP App Bridge v0.4.1

Added

• Further improvements to the tool prompts for the model to more intuitively use the tools available.

v1.0.9

v1.0.9

MCP App Bridge v0.4.0

Added

• Honor maxHeight from tool _meta.ui metadata — apps using height:100% / flex layouts (e.g. DICOM viewer) now render at the correct size instead of collapsing to their intrinsic content height
• Inject min-height CSS on html,body when maxHeight is declared by the server, so flex-based apps get a proper container to expand into
• Use maxHeight as a floor in the auto-height reporting script — if scrollHeight is smaller than maxHeight, report maxHeight to the parent frame
• New _extract_ui_meta() helper to read the full _meta.ui dict from tool definitions

Changed

• Tool class docstring now instructs the model to check list_mcp_tools when the user references a capability it doesn't natively have list_mcp_tools docstring updated to explicitly say "call this first" for unfamiliar capabilities
• Refactored _extract_ui_resource_uri() to use _extract_ui_meta() internally

v1.0.8

v1.0.8

MCP App Bridge v0.3.0

Added

• AppBridge shim: dispatches ui/notifications/tool-result as a synthetic MessageEvent per the MCP Apps spec, so apps built with the official AppBridge SDK work out of the box
• Includes structuredContent when the tool result is valid JSON
• Works without iframe same-origin — no parent page access needed