diff --git a/package-lock.json b/package-lock.json index 79bcdd8e..f6a9c811 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@asciidoctor/core": "2.2.6", "@asciidoctor/docbook-converter": "2.0.0", "@orcid/bibtex-parse-js": "0.0.25", - "asciidoctor-kroki": "^0.17.0", + "asciidoctor-kroki": "0.18.1", "html-entities": "^2.4.0", "js-yaml": "^4.1.0", "querystring": "^0.2.1", @@ -49,7 +49,7 @@ "gulp": "^4.0.2", "lodash.throttle": "4.1.1", "mathjax": "^2.7.9", - "mocha": "9.2.2", + "mocha": "10.2.0", "mocha-junit-reporter": "2.2.1", "mocha-multi-reporters": "1.5.1", "path-browserify": "1.0.1", @@ -702,12 +702,6 @@ "url": "https://opencollective.com/typescript-eslint" } }, - "node_modules/@ungap/promise-all-settled": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", - "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", - "dev": true - }, "node_modules/@vscode/test-electron": { "version": "2.3.4", "resolved": "https://registry.npmjs.org/@vscode/test-electron/-/test-electron-2.3.4.tgz", @@ -1543,9 +1537,9 @@ } }, "node_modules/asciidoctor-kroki": { - "version": "0.17.0", - "resolved": "https://registry.npmjs.org/asciidoctor-kroki/-/asciidoctor-kroki-0.17.0.tgz", - "integrity": "sha512-aObUUfAtcfUTjhAP32bgrcoKXLRta57o3V5k+t73FXDKiLi+QfkHE+9+H4mGPTnghXBtiRYzsu7BbVGfTHoQzQ==", + "version": "0.18.1", + "resolved": "https://registry.npmjs.org/asciidoctor-kroki/-/asciidoctor-kroki-0.18.1.tgz", + "integrity": "sha512-eQxbBCaPTbyNoJtk62Gp+6h4LlJp2147g7eS0QIVjqaLpFa8sseH0BlMiBoATrJUYv1w3nR+FTzvloBJ/MioYg==", "dependencies": { "json5": "2.2.3", "mkdirp": "2.1.3", @@ -1557,7 +1551,7 @@ "node": ">=10" }, "peerDependencies": { - "@asciidoctor/core": "~2.2" + "@asciidoctor/core": ">=2.2 <4.0" } }, "node_modules/asciidoctor-kroki/node_modules/unxhr": { 
@@ -4677,15 +4671,6 @@ "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==", "dev": true }, - "node_modules/growl": { - "version": "1.10.5", - "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz", - "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==", - "dev": true, - "engines": { - "node": ">=4.x" - } - }, "node_modules/gulp": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/gulp/-/gulp-4.0.2.tgz", @@ -6584,42 +6569,39 @@ "optional": true }, "node_modules/mocha": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-9.2.2.tgz", - "integrity": "sha512-L6XC3EdwT6YrIk0yXpavvLkn8h+EU+Y5UcCHKECyMbdUIxyMuZj4bX4U9e1nvnvUUvQVsV2VHQr5zLdcUkhW/g==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz", + "integrity": "sha512-IDY7fl/BecMwFHzoqF2sg/SHHANeBoMMXFlS9r0OXKDssYE1M5O43wUY/9BVPeIvfH2zmEbBfseqN9gBQZzXkg==", "dev": true, "dependencies": { - "@ungap/promise-all-settled": "1.1.2", "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", "chokidar": "3.5.3", - "debug": "4.3.3", + "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", "find-up": "5.0.0", "glob": "7.2.0", - "growl": "1.10.5", "he": "1.2.0", "js-yaml": "4.1.0", "log-symbols": "4.1.0", - "minimatch": "4.2.1", + "minimatch": "5.0.1", "ms": "2.1.3", - "nanoid": "3.3.1", + "nanoid": "3.3.3", "serialize-javascript": "6.0.0", "strip-json-comments": "3.1.1", "supports-color": "8.1.1", - "which": "2.0.2", - "workerpool": "6.2.0", + "workerpool": "6.2.1", "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" }, "bin": { "_mocha": "bin/_mocha", - "mocha": "bin/mocha" + "mocha": "bin/mocha.js" }, "engines": { - "node": ">= 12.0.0" + "node": ">= 14.0.0" }, "funding": { "type": "opencollective", 
@@ -6787,29 +6769,6 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, - "node_modules/mocha/node_modules/debug": { - "version": "4.3.3", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", - "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", - "dev": true, - "dependencies": { - "ms": "2.1.2" - }, - "engines": { - "node": ">=6.0" - }, - "peerDependenciesMeta": { - "supports-color": { - "optional": true - } - } - }, - "node_modules/mocha/node_modules/debug/node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - }, "node_modules/mocha/node_modules/escape-string-regexp": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", 
@@ -6941,17 +6900,26 @@ } }, "node_modules/mocha/node_modules/minimatch": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-4.2.1.tgz", - "integrity": "sha512-9Uq1ChtSZO+Mxa/CL1eGizn2vRn3MlLgzhT0Iz8zaY8NdvxvB0d5QdPFmCKf7JKA9Lerx5vRrnwO03jsSfGG9g==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", "dev": true, "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" }, "engines": { "node": ">=10" } }, + "node_modules/mocha/node_modules/minimatch/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0" + } + }, "node_modules/mocha/node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -7093,9 +7061,9 @@ "optional": true }, "node_modules/nanoid": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.1.tgz", - "integrity": "sha512-n6Vs/3KGyxPQd6uO0eH4Bv0ojGSUvuLlIHtC3Y0kEO23YRge8H9x1GCzLn28YX0H66pMkxuaeESFq4tKISKwdw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", + "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", "dev": true, "bin": { "nanoid": "bin/nanoid.cjs" 
@@ -11237,9 +11205,9 @@ } }, "node_modules/workerpool": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.0.tgz", - "integrity": "sha512-Rsk5qQHJ9eowMH28Jwhe8HEbmdYDX4lwoMWshiCXugjtHqMD9ZbiqSDLxcsfdqsETPzVUtX5s1Z5kStiIM6l4A==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, "node_modules/wrap-ansi": {
diff --git a/package.json b/package.json
index e7f4f1fd..46f26200 100644
--- a/package.json
+++ b/package.json
@@ -638,7 +638,7 @@
 "gulp": "^4.0.2",
 "lodash.throttle": "4.1.1",
 "mathjax": "^2.7.9",
- "mocha": "9.2.2",
+ "mocha": "10.2.0",
 "mocha-junit-reporter": "2.2.1",
 "mocha-multi-reporters": "1.5.1",
 "path-browserify": "1.0.1",
@@ -655,7 +655,7 @@
 "@asciidoctor/core": "2.2.6",
 "@asciidoctor/docbook-converter": "2.0.0",
 "@orcid/bibtex-parse-js": "0.0.25",
- "asciidoctor-kroki": "^0.17.0",
+ "asciidoctor-kroki": "0.18.1",
 "html-entities": "^2.4.0",
 "js-yaml": "^4.1.0",
 "querystring": "^0.2.1",
diff --git a/src/asciidoctorWebViewConverter.ts b/src/asciidoctorWebViewConverter.ts
index c33d05cf..6f65f4ac 100644
--- a/src/asciidoctorWebViewConverter.ts
+++ b/src/asciidoctorWebViewConverter.ts
@@ -53,27 +53,42 @@ const previewStrings = {
 }
 /**
+ * @param webviewResourceProvider
 * @param securityLevel
+ * @param krokiServerUrl
 * @param nonce
 */
-function getCspForResource (webviewResourceProvider: WebviewResourceProvider, securityLevel: AsciidocPreviewSecurityLevel, nonce: string): string {
+function getCspForResource (webviewResourceProvider: WebviewResourceProvider, securityLevel: AsciidocPreviewSecurityLevel, krokiServerUrl: string, nonce: string): string {
+ if (securityLevel === AsciidocPreviewSecurityLevel.AllowScriptsAndAllContent) {
+ return ''
+ }
 const rule = webviewResourceProvider.cspSource
 const highlightjsInlineScriptHash = 'sha256-ZrDBcrmObbqhVV/Mag2fT/y08UJGejdW7UWyEsi4DXw='
+ const rules = {
+ 'default-src': ['\'none\''],
+ 'img-src': ['\'self\'', rule, 'https:', 'data:', krokiServerUrl],
+ 'object-src': ['\'self\'', rule, 'https:', 'data:', krokiServerUrl],
+ 'media-src': ['\'self\'', rule, 'https:', 'data:', krokiServerUrl],
+ 'script-src': [`'nonce-${nonce}'`, `'${highlightjsInlineScriptHash}'`, 'https://*.vscode-cdn.net/'],
+ 'style-src': ['\'self\'', rule, '\'unsafe-inline\'', 'data:'],
+ 'font-src': ['\'self\'', rule, 'https:', 'data:', 'about:'],
+ }
 // add font-src about: as a workaround: https://github.com/mathjax/MathJax/issues/256#issuecomment-37990603
- switch (securityLevel) {
- case AsciidocPreviewSecurityLevel.AllowInsecureContent:
- return ``
-
- case AsciidocPreviewSecurityLevel.AllowInsecureLocalContent:
- return ``
-
- case AsciidocPreviewSecurityLevel.AllowScriptsAndAllContent:
- return ''
-
- case AsciidocPreviewSecurityLevel.Strict:
- default:
- return ``
+ if (securityLevel === AsciidocPreviewSecurityLevel.AllowInsecureContent) {
+ // allow "insecure" content (http protocol)
+ rules['img-src'] = [...rules['img-src'], 'http:']
+ rules['object-src'] = [...rules['img-src'], 'http:']
+ rules['media-src'] = [...rules['img-src'], 'http:']
+ rules['style-src'] = [...rules['img-src'], 'http:']
+ rules['font-src'] = [...rules['img-src'], 'http:']
+ } else if (securityLevel === AsciidocPreviewSecurityLevel.AllowInsecureLocalContent) {
+ rules['img-src'] = [...rules['img-src'], 'http://localhost:*', 'http://127.0.0.1:*']
+ rules['object-src'] = [...rules['img-src'], 'http://localhost:*', 'http://127.0.0.1:*']
+ rules['media-src'] = [...rules['img-src'], 'http://localhost:*', 'http://127.0.0.1:*']
+ rules['style-src'] = [...rules['img-src'], 'http://localhost:*', 'http://127.0.0.1:*']
+ rules['font-src'] = [...rules['img-src'], 'http://localhost:*', 'http://127.0.0.1:*']
 }
+ return ``
 }
 function escapeAttribute (value: string | vscode.Uri): string {
@@ -142,7 +157,7 @@ export class AsciidoctorWebViewConverter {
 // Content Security Policy
 const nonce = new Date().getTime() + '' + new Date().getMilliseconds()
 const webviewResourceProvider = this.webviewResourceProvider
- const csp = getCspForResource(webviewResourceProvider, this.securityLevel, nonce)
+ const csp = getCspForResource(webviewResourceProvider, this.securityLevel, this.krokiServerUrl, nonce)
 const syntaxHighlighter = node.$syntax_highlighter()
 let assetUriScheme = node.getAttribute('asset-uri-scheme', 'https')
 if (assetUriScheme.trim() !== '') {
diff --git a/test-workspace/diagrams.adoc b/test-workspace/diagrams.adoc
new file mode 100644
index 00000000..1f555958
--- /dev/null
+++ b/test-workspace/diagrams.adoc
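Review bot: In getCspForResource, both relaxed branches rebuild `object-src`, `media-src`, `style-src` and `font-src` from `rules['img-src']` instead of from their own lists. For AllowInsecureContent and AllowInsecureLocalContent this replaces the `style-src` baseline (dropping `'unsafe-inline'` and admitting `https:` plus the Kroki URL) and drops `about:` from `font-src`, the MathJax workaround the comment refers to; it also appends the extra source twice, because `img-src` was already extended on the line before. Each directive should be extended from its own list, as below. The final `return` is shown with an empty template on this page, so how `rules` is serialized cannot be checked here.

```typescript
  // … unchanged: early return, rule, highlightjsInlineScriptHash, rules …
  const relaxedDirectives = ['img-src', 'object-src', 'media-src', 'style-src', 'font-src'] as const
  let extraSources: string[] = []
  if (securityLevel === AsciidocPreviewSecurityLevel.AllowInsecureContent) {
    // allow "insecure" content (http protocol)
    extraSources = ['http:']
  } else if (securityLevel === AsciidocPreviewSecurityLevel.AllowInsecureLocalContent) {
    extraSources = ['http://localhost:*', 'http://127.0.0.1:*']
  }
  for (const directive of relaxedDirectives) {
    // extend each directive from its own baseline, never from img-src
    rules[directive] = [...rules[directive], ...extraSources]
  }
  // … unchanged: return of the serialized policy …
```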
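Review bot: `this.krokiServerUrl` is passed straight through to getCspForResource, which places it verbatim in the `img-src`, `object-src` and `media-src` source lists. Where the value comes from is outside this hunk; the test document in this commit sets `kroki-server-url` as a document attribute, so it is presumably document-controlled and may be empty, an `http:` URL under the Strict level, or a string containing spaces or `;`. Consider reducing it to an origin before the call, e.g. `const krokiOrigin = new URL(this.krokiServerUrl).origin` guarded by a try/catch and an `http:`/`https:` protocol check, and omitting the source when it is unset or invalid. Also, the `nonce` on the context line above is built from the clock; a CSP nonce should come from a CSPRNG, for example `crypto.randomBytes(16).toString('base64')`. The enclosing method starts and ends outside the hunk.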
@@ -0,0 +1,43 @@
+= Diagrams
+:kroki-server-url: http://localhost:8000
+// The `kroki-server-url` attribute must be defined as a document attribute
+// https://docs.asciidoctor.org/asciidoc/latest/attributes/custom-attributes/ must be placed at the top of the asciidoc file
+
+[plantuml,align=center]
+....
+Alice -> Bob: Authentication Request
+Bob --> Alice: Authentication Response
+
+Alice -> Bob: Another authentication Request
+Alice <-- Bob: Another authentication Response
+....
+
+
+[d2,width=450,align=center]
+....
+D2 Parser: {
+ shape: class
+
+ # Default visibility is + so no need to specify.
+ +reader: io.RuneReader
+ readerPos: d2ast.Position
+
+ # Private field.
+ -lookahead: "[]rune"
+
+ # Protected field.
+ # We have to escape the # to prevent the line from being parsed as a comment.
+ \#lookaheadPos: d2ast.Position
+
+ +peek(): (r rune, eof bool)
+ rewind()
+ commit()
+
+ \#peekn(n int): (s string, eof bool)
+}
+
+"github.com/terrastruct/d2parser.git" -> D2 Parser
+....
+
+
+NOTE: We are using a local instance of Kroki!
diff --git a/test-workspace/plantuml.adoc b/test-workspace/plantuml.adoc
deleted file mode 100644
index c5732d42..00000000
--- a/test-workspace/plantuml.adoc
+++ /dev/null
@@ -1,13 +0,0 @@
-// The plantuml-server-url property must be placed at the top of the asciidoc file
-// You can use a local plant uml server: https://github.com/plantuml/plantuml-server
-
-:plantuml-server-url: http://www.plantuml.com/plantuml
-
-[plantuml]
-....
-Alice -> Bob: Authentication Request
-Bob --> Alice: Authentication Response
-
-Alice -> Bob: Another authentication Request
-Alice <-- Bob: Another authentication Response
-....