Hi @torjunkie, I confirm this is due to the Content Security Policy.
The page appears to try and add this little PDF logo from WikiMedia when a .pdf is linked to:
The CSP blocks that (on purpose).
Whilst whitelisting upload.wikimedia.org briefly in order to prove the point, I realised that when on .onion, the above URL actually is converted to http:// because of the http:// in the .onion. So this would actually break encryption for onion visitors if we were to whitelist it. I could try and rewrite the page content on the page response but it’s a bit fiddly for such a minor thing. Moreover, Patrick wanted external resources blocked in the CSP on purpose (in case someone somehow embeds an asset that has legal implications etc)
Disable the icon by using this method (if it works): https://en.wikipedia.org/wiki/Help:External_link_icons#Hiding_link_icons
Whitelist the upload.wikimedia .org in the CSP (if @Patrick wants that policy change), but only on the whonix.org site, not on the .onion
Let me know what you and Patrick want to do. 1) is probably the easiest win, but requires some discipline from the page editors to remember to use the ‘plainlinks’ class when linking to external resources like PDFs.