Update svgWhiteList in sanitize.js to include 'font-stretch' for rele…

[shfshanyue]

PR description

Adds font-stretch to the sanitizer whitelist (svgWhiteList_) so the attribute is kept when SVG is sanitized, instead of being stripped.

Checklist

Note that we require UI tests to ensure that the added feature will not be
nixed by some future fix and that there is at least some test-as-documentation
to indicate how the fix or enhancement is expected to behave.

• - Added Cypress UI tests
• - Ran npm test, ensuring linting passes and that Cypress UI tests keep
  coverage to at least the same percent (reflected in the coverage badge
  that should be updated after the tests run)
• - Added any user documentation. Though not required, this can be a big
  help both for future users and for the PR reviewer.

Summary by Sourcery

Bug Fixes:

• Keep the font-stretch attribute when sanitizing g, symbol, text, and tspan SVG elements instead of stripping it.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Extends the SVG sanitizer whitelist to preserve the font-stretch attribute on several text-related elements so it is not stripped during sanitization.

Class diagram for updated svgWhiteList_ sanitizer configuration

classDiagram
  class SvgSanitizer {
    - svgWhiteList_
    + sanitizeSvg(svgInput)
  }

  class SvgWhiteListEntry_g {
    +clip_path
    +clip_rule
    +fill
    +fill_opacity
    +fill_rule
    +filter
    +mask
    +opacity
    +requiredFeatures
    +stroke
    +stroke_dasharray
    +stroke_dashoffset
    +stroke_linecap
    +stroke_linejoin
    +stroke_miterlimit
    +stroke_opacity
    +stroke_width
    +systemLanguage
    +font_family
    +font_size
    +font_stretch
    +font_style
    +font_weight
    +text_anchor
  }

  class SvgWhiteListEntry_symbol {
    +fill
    +fill_opacity
    +fill_rule
    +filter
    +font_family
    +font_size
    +font_stretch
    +font_style
    +font_weight
    +opacity
    +overflow
    +preserveAspectRatio
    +requiredFeatures
    +stroke
    +stroke_dasharray
    +stroke_dashoffset
    +stroke_linecap
    +stroke_linejoin
    +stroke_miterlimit
    +stroke_opacity
    +stroke_width
    +systemLanguage
    +viewBox
    +width
    +height
  }

  class SvgWhiteListEntry_text {
    +clip_path
    +clip_rule
    +dominant_baseline
    +fill
    +fill_opacity
    +fill_rule
    +filter
    +font_family
    +font_size
    +font_stretch
    +font_style
    +font_weight
    +mask
    +opacity
    +requiredFeatures
    +stroke
    +stroke_dasharray
    +stroke_dashoffset
    +stroke_linecap
    +stroke_linejoin
    +stroke_miterlimit
    +stroke_opacity
    +stroke_width
    +systemLanguage
    +text_anchor
    +letter_spacing
    +word_spacing
    +text_decoration
    +textLength
    +lengthAdjust
    +x
    +xml_space
    +y
  }

  class SvgWhiteListEntry_tspan {
    +clip_path
    +clip_rule
    +dx
    +dy
    +dominant_baseline
    +fill
    +fill_opacity
    +fill_rule
    +filter
    +font_family
    +font_size
    +font_stretch
    +font_style
    +font_weight
    +mask
    +opacity
    +requiredFeatures
    +rotate
    +stroke
    +stroke_dasharray
    +stroke_dashoffset
    +stroke_linecap
    +stroke_linejoin
    +stroke_miterlimit
    +stroke_opacity
    +stroke_width
    +systemLanguage
    +text_anchor
    +textLength
    +x
    +xml_space
    +y
  }

  SvgSanitizer --> SvgWhiteListEntry_g : uses
  SvgSanitizer --> SvgWhiteListEntry_symbol : uses
  SvgSanitizer --> SvgWhiteListEntry_text : uses
  SvgSanitizer --> SvgWhiteListEntry_tspan : uses

Loading

Flow diagram for SVG sanitization with preserved font-stretch

flowchart TD
  UserSVG["User-provided SVG with font-stretch"] --> Sanitizer
  Sanitizer["sanitizeSvg"] --> CheckWhitelist["Check svgWhiteList_ for each element/attribute"]
  CheckWhitelist -->|font-stretch on g/symbol/text/tspan| KeepAttr["Keep attribute in sanitized SVG"]
  CheckWhitelist -->|non-whitelisted attributes| DropAttr["Strip attribute"]
  KeepAttr --> SanitizedSVG["Sanitized SVG rendered with font-stretch"]
  DropAttr --> SanitizedSVG

Loading

File-Level Changes

Change	Details	Files
Allow font-stretch on group-level SVG elements during sanitization.	Updated allowed attributes for the g element to include font-stretch so that this property is preserved when sanitizing SVGs.	packages/svgcanvas/core/sanitize.js
Allow font-stretch on symbol-based SVG elements during sanitization.	Expanded the symbol element whitelist to include font-stretch in its list of permitted attributes.	packages/svgcanvas/core/sanitize.js
Allow font-stretch on text-related SVG elements during sanitization.	Extended the text element whitelist with font-stretch to keep this attribute when sanitizing. Extended the tspan element whitelist with font-stretch to keep this attribute when sanitizing.	packages/svgcanvas/core/sanitize.js

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• Since the same set of font-related attributes is now repeated across g, symbol, text, and tspan, consider extracting a shared FONT_ATTRIBUTES array and spreading it into each element’s whitelist to reduce duplication and the chance of future inconsistencies.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Since the same set of font-related attributes is now repeated across `g`, `symbol`, `text`, and `tspan`, consider extracting a shared `FONT_ATTRIBUTES` array and spreading it into each element’s whitelist to reduce duplication and the chance of future inconsistencies.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}