I recently upgraded from Anki 24.11 to 25.02.1 on Windows.
Previously, I could embed videos and inline SVGs directly into Basic cards by pasting raw HTML (for example, an <iframe> for YouTube or an inline SVG block with custom attributes).
However, as soon as I open a card to preview or edit in the new version 25.02.1, any <iframe> element is automatically removed (with no undo) with no warning, and harmless SVG attributes (such as id , version, fill on <text> elements but also HTML comments and other things) are stripped out.
Expected behavior
- I should be able to include
<iframe>embeds (e.g. YouTube) in my card fields without them being stripped as soon as editing/previewing them. I know this removal already happens for JS script tags for security reasons, but this seems unjustified and breaks backward compatibility. - SVG code and its attributes/HTML code comments should be preserved, as they were in Anki 24.11.
Actual behavior (examples)
- Iframe stripped to empty:
- Original field:
<iframe width="849" height="478" src="https://www.youtube.com/embed/QZwneRb-zqA?start=731" title="Exploring How Computers Work" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen=""></iframe>
- After opening in 25.02.1:
(no content ā iframe completely removed) - Another iframe completely removed:
- Original:
<iframe src="https://www.h-schmidt.net/FloatConverter/IEEE754.html" width="1100" height="430"></iframe>
- Stripped:
(removed entirely) - Inline SVG attributes reordered/stripped and comments removed:
- Original SVG block:
<svg style="filter: drop-shadow(0px 0px 20px rgba(255,255,255,.4));" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="900" height="400" viewBox="0 0 1000 500" stroke="black" stroke-width="1" fill="black" font-family="DejaVu Sans,sans-serif" font-stretch="condensed" font-size="33px">
<rect id="box" x="0" y="-40" width="50" height="50" fill="white"></rect>
<!-- logo graphic -->
</svg>
- After in 25.02.1:
<svg font-size="33px" font-stretch="condensed" font-family="DejaVu Sans,sans-serif" fill="black" stroke-width="1" stroke="black" viewBox="0 0 1000 500" height="400" width="900" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="filter: drop-shadow(0px 0px 20px rgba(255,255,255,.4));">
<rect fill="white" height="50" width="50" y="-40" x="0" id="box"></rect>
</svg>
I attached surther examples as screenshots below on WinMerge between the previous and current deck with partially stripped content from the cards I previewed before discovering the problem.
What Iāve tried
- Downgrading to 24.11 (restores previous behavior but isnāt viable longāterm).
- Reviewing the 25.02.1 release notes on GitHub (Release 25.02.1 Ā· ankitects/anki Ā· GitHub), which only mention stripping JavaScript handlers (iframes arenāt JS, so this feels unrelated).
Questions / Help
- Was removing
<iframe>tags and inline SVG attributes introduced intentionally in 25.02.1 for security reasons? - Is there a recommended way to keep embedding videos and preserving SVGs?
- Could Anki offer a whitelist or a preference to allow trusted HTML tags like
<iframe>?
My decks rely heavily on embedded, and Iād love to find a way to continue using these features in the latest Anki releases without losing my work.
