From d0a2ddb0e3ff2e652a0aec84444a206c53811ca6 Mon Sep 17 00:00:00 2001
From: scratching-claws <76702466+scratching-claws@users.noreply.github.com.>
Date: Mon, 21 Jul 2025 18:23:24 +0100
Subject: [PATCH 1/2] fix: allow SVG filter elements

Adds a rule to allow the SVG filter tag, when sanitizing SVGs, so that effects such as shadows and blur do not lead to SVGs which don't diplay on the project stage
---
 packages/scratch-svg-renderer/src/sanitize-svg.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/scratch-svg-renderer/src/sanitize-svg.js b/packages/scratch-svg-renderer/src/sanitize-svg.js
index e12886bdfe..75ee058aae 100644
--- a/packages/scratch-svg-renderer/src/sanitize-svg.js
+++ b/packages/scratch-svg-renderer/src/sanitize-svg.js
@@ -130,6 +130,8 @@ sanitizeSvg.sanitizeSvgText = function (rawSvgText) {
 let sanitizedText = DOMPurify.sanitize(rawSvgText, {
 USE_PROFILES: {svg: true},
 FORBID_TAGS: ['a', 'audio', 'canvas', 'video'],
+ // Allow SVG filter elements (used for shadows, blur)
+ ADD_TAGS: ['filter'],
 // Allow data URI in image tags (e.g. SVGs converted from bitmap)
 ADD_DATA_URI_TAGS: ['image']
 });

From b9275223f10e0d87f26b7754886fa4392f63ee6c Mon Sep 17 00:00:00 2001
From: scratching-claws <76702466+scratching-claws@users.noreply.github.com.>
Date: Sat, 30 Aug 2025 21:54:44 +0100
Subject: [PATCH 2/2] fix: allow all SVG filter elements

---
 packages/scratch-svg-renderer/src/sanitize-svg.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/packages/scratch-svg-renderer/src/sanitize-svg.js b/packages/scratch-svg-renderer/src/sanitize-svg.js
index 75ee058aae..c61f0f7e5d 100644
--- a/packages/scratch-svg-renderer/src/sanitize-svg.js
+++ b/packages/scratch-svg-renderer/src/sanitize-svg.js
@@ -128,10 +128,8 @@ sanitizeSvg.sanitizeByteStream = function (rawData) {
 */
 sanitizeSvg.sanitizeSvgText = function (rawSvgText) {
 let sanitizedText = DOMPurify.sanitize(rawSvgText, {
- USE_PROFILES: {svg: true},
+ USE_PROFILES: {svg: true, svgFilters: true},
 FORBID_TAGS: ['a', 'audio', 'canvas', 'video'],
- // Allow SVG filter elements (used for shadows, blur)
- ADD_TAGS: ['filter'],
 // Allow data URI in image tags (e.g. SVGs converted from bitmap)
 ADD_DATA_URI_TAGS: ['image']
 });
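Review bot: The `svgFilters` profile on the `USE_PROFILES` line widens the allowlist further than the stated goal of shadows and blur: as far as I know DOMPurify's filter profile admits every `fe*` primitive, including `feImage`, which takes an `href`. The options visible here restrict data URIs to `image` and say nothing about external references, so whether an `feImage` pointing at a remote URL is stripped depends on hooks outside this hunk; confirm that, or exclude it with `FORBID_TAGS: ['a', 'audio', 'canvas', 'video', 'feImage'],` if projects do not need it. The diffstat shows only `sanitize-svg.js` changing in both patches, so a test fixture with a filtered SVG (one benign, one carrying a remote reference) would pin the intended sanitizer output. A short comment on the profile line, e.g. `// svgFilters: keep <filter> primitives (shadows, blur)`, would also restore the rationale that the removed comment carried.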