diff --git a/package-lock.json b/package-lock.json
index 5d03c7b427c..6a1332d6062 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12242,7 +12242,6 @@
     },
     "node_modules/boolbase": {
       "version": "1.0.0",
-      "dev": true,
       "license": "ISC"
     },
     "node_modules/bottleneck": {
@@ -14149,7 +14148,6 @@
     },
     "node_modules/css-select": {
       "version": "5.2.2",
-      "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
         "boolbase": "^1.0.0",
@@ -14184,7 +14182,6 @@
     },
     "node_modules/css-what": {
       "version": "6.2.2",
-      "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">= 6"
@@ -14208,6 +14205,39 @@
         "node": ">=4"
       }
     },
+    "node_modules/csso": {
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz",
+      "integrity": "sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==",
+      "license": "MIT",
+      "dependencies": {
+        "css-tree": "~2.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0",
+        "npm": ">=7.0.0"
+      }
+    },
+    "node_modules/csso/node_modules/css-tree": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz",
+      "integrity": "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==",
+      "license": "MIT",
+      "dependencies": {
+        "mdn-data": "2.0.28",
+        "source-map-js": "^1.0.1"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0",
+        "npm": ">=7.0.0"
+      }
+    },
+    "node_modules/csso/node_modules/mdn-data": {
+      "version": "2.0.28",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz",
+      "integrity": "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g==",
+      "license": "CC0-1.0"
+    },
     "node_modules/cssom": {
       "version": "0.3.8",
       "dev": true,
@@ -14678,7 +14708,6 @@
     },
     "node_modules/dom-serializer": {
       "version": "2.0.0",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "domelementtype": "^2.3.0",
@@ -14694,7 +14723,6 @@
     },
     "node_modules/domelementtype": {
       "version": "2.3.0",
-      "dev": true,
       "funding": [
         {
           "type": "github",
@@ -14713,7 +14741,6 @@
     },
     "node_modules/domhandler": {
       "version": "5.0.3",
-      "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
         "domelementtype": "^2.3.0"
@@ -14734,7 +14761,6 @@
     },
     "node_modules/domutils": {
       "version": "3.2.2",
-      "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
         "dom-serializer": "^2.0.0",
@@ -14885,7 +14911,6 @@
     },
     "node_modules/entities": {
       "version": "4.5.0",
-      "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -27411,7 +27436,6 @@
     },
     "node_modules/nth-check": {
       "version": "2.1.1",
-      "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
         "boolbase": "^1.0.0"
@@ -31037,9 +31061,13 @@
       "license": "MIT"
     },
     "node_modules/sax": {
-      "version": "1.4.3",
-      "dev": true,
-      "license": "BlueOak-1.0.0"
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
+      "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==",
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=11.0.0"
+      }
     },
     "node_modules/saxes": {
       "version": "3.1.11",
@@ -33250,6 +33278,40 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/svgo": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.1.tgz",
+      "integrity": "sha512-XDpWUOPC6FEibaLzjfe0ucaV0YrOjYotGJO1WpF0Zd+n6ZGEQUsSugaoLq9QkEZtAfQIxT42UChcssDVPP3+/w==",
+      "license": "MIT",
+      "dependencies": {
+        "commander": "^11.1.0",
+        "css-select": "^5.1.0",
+        "css-tree": "^3.0.1",
+        "css-what": "^6.1.0",
+        "csso": "^5.0.5",
+        "picocolors": "^1.1.1",
+        "sax": "^1.5.0"
+      },
+      "bin": {
+        "svgo": "bin/svgo.js"
+      },
+      "engines": {
+        "node": ">=16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/svgo"
+      }
+    },
+    "node_modules/svgo/node_modules/commander": {
+      "version": "11.1.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz",
+      "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=16"
+      }
+    },
     "node_modules/symbol-tree": {
       "version": "3.2.4",
       "license": "MIT"
@@ -34980,6 +35042,7 @@
       "dev": true,
       "license": "BSD-2-Clause",
       "optional": true,
+      "peer": true,
       "bin": {
         "uglifyjs": "bin/uglifyjs"
       },
@@ -36795,7 +36858,7 @@
         "react-intl": "6.8.9",
         "react-modal": "3.16.3",
         "react-popover": "0.5.10",
-        "react-redux": "8.1.3",
+        "react-redux": "^8.0.0",
         "react-responsive": "9.0.2",
         "react-style-proptype": "3.2.2",
         "react-tabs": "5.2.0",
@@ -38519,12 +38582,14 @@
         "css-tree": "3.2.1",
         "fastestsmallesttextencoderdecoder": "1.0.22",
         "isomorphic-dompurify": "2.36.0",
+        "svgo": "^4.0.1",
         "transformation-matrix": "1.15.3",
         "tslog": "4.10.2"
       },
       "devDependencies": {
         "@babel/core": "7.29.0",
         "@babel/preset-env": "7.29.3",
+        "@playwright/test": "1.59.1",
         "babel-loader": "9.2.1",
         "canvas": "3.2.3",
         "copy-webpack-plugin": "6.4.1",
diff --git a/packages/scratch-render/src/RenderWebGL.js b/packages/scratch-render/src/RenderWebGL.js
index 888356475f2..54a06cdb16a 100644
--- a/packages/scratch-render/src/RenderWebGL.js
+++ b/packages/scratch-render/src/RenderWebGL.js
@@ -355,14 +355,14 @@ class RenderWebGL extends EventEmitter {
      * @param {!string} svgData - new SVG to use.
      * @param {?Array<number>} rotationCenter Optional: rotation center of the skin. If not supplied, the center of the
      * skin will be used
-     * @returns {!int} the ID for the new skin.
+     * @returns {Promise<number>} A promise that resolves with the skin ID once the skin's
+     *     dimensions are available via getSkinSize.
      */
     createSVGSkin (svgData, rotationCenter) {
         const skinId = this._nextSkinId++;
         const newSkin = new SVGSkin(skinId, this);
-        newSkin.setSVG(svgData, rotationCenter);
         this._allSkins[skinId] = newSkin;
-        return skinId;
+        return newSkin.setSVG(svgData, rotationCenter).then(() => skinId);
     }
 
     /**
@@ -398,16 +398,16 @@ class RenderWebGL extends EventEmitter {
      * @param {!string} svgData - new SVG to use.
      * @param {?Array<number>} rotationCenter Optional: rotation center of the skin. If not supplied, the center of the
      * skin will be used
+     * @returns {Promise<void>} A promise that resolves once the skin's dimensions are updated.
      */
     updateSVGSkin (skinId, svgData, rotationCenter) {
         if (this._allSkins[skinId] instanceof SVGSkin) {
-            this._allSkins[skinId].setSVG(svgData, rotationCenter);
-            return;
+            return this._allSkins[skinId].setSVG(svgData, rotationCenter);
         }
 
         const newSkin = new SVGSkin(skinId, this);
-        newSkin.setSVG(svgData, rotationCenter);
         this._reskin(skinId, newSkin);
+        return newSkin.setSVG(svgData, rotationCenter);
     }
 
     /**
diff --git a/packages/scratch-render/src/SVGSkin.js b/packages/scratch-render/src/SVGSkin.js
index 71b38ffef6c..d3768dede50 100644
--- a/packages/scratch-render/src/SVGSkin.js
+++ b/packages/scratch-render/src/SVGSkin.js
@@ -54,6 +54,14 @@ class SVGSkin extends Skin {
          * @type {number}
          */
         this._maxTextureScale = 1;
+
+        /**
+         * Generation counter for cancelling stale setSVG loads.
+         * Incremented each time setSVG is called; async callbacks
+         * compare their captured generation to skip outdated results.
+         * @type {number}
+         */
+        this._svgGeneration = 0;
     }
 
     /**
@@ -192,46 +200,56 @@ class SVGSkin extends Skin {
      * @fires Skin.event:WasAltered
      */
     setSVG (svgData, rotationCenter) {
-        const svgTag = loadSvgString(svgData);
-        const svgText = serializeSvgToString(svgTag, true /* shouldInjectFonts */);
         this._svgImageLoaded = false;
 
-        const {x, y, width, height} = svgTag.viewBox.baseVal;
-        // While we're setting the size before the image is loaded, this doesn't cause the skin to appear with the wrong
-        // size for a few frames while the new image is loading, because we don't emit the `WasAltered` event, telling
-        // drawables using this skin to update, until the image is loaded.
-        // We need to do this because the VM reads the skin's `size` directly after calling `setSVG`.
-        // TODO: return a Promise so that the VM can read the skin's `size` after the image is loaded.
-        this._size[0] = width;
-        this._size[1] = height;
-
-        // If there is another load already in progress, replace the old onload to effectively cancel the old load
-        this._svgImage.onload = () => {
-            if (width === 0 || height === 0) {
-                super.setEmptyImageData();
-                return;
-            }
-
-            const maxDimension = Math.ceil(Math.max(width, height));
-            let testScale = 2;
-            for (testScale; maxDimension * testScale <= MAX_TEXTURE_DIMENSION; testScale *= 2) {
-                this._maxTextureScale = testScale;
-            }
-
-            this.resetMIPs();
-
-            if (typeof rotationCenter === 'undefined') rotationCenter = this.calculateRotationCenter();
-            // Compensate for viewbox offset.
-            // See https://github.com/LLK/scratch-render/pull/90.
-            this._rotationCenter[0] = rotationCenter[0] - x;
-            this._rotationCenter[1] = rotationCenter[1] - y;
-
-            this._svgImageLoaded = true;
-
-            this.emit(Skin.Events.WasAltered);
-        };
+        // Increment generation so that if setSVG is called again before
+        // the async pipeline finishes, the stale result is discarded.
+        const generation = ++this._svgGeneration;
+
+        // Full async pipeline: sanitize, normalize, serialize, render.
+        // Resolves after _size is updated; callers that need correct dimensions
+        // must await the returned Promise.
+        return loadSvgString(svgData).then(svgTag => {
+            // A newer setSVG call supersedes this one.
+            if (this._svgGeneration !== generation) return;
+
+            const svgText = serializeSvgToString(svgTag, true /* shouldInjectFonts */);
+            const {x, y, width, height} = svgTag.viewBox.baseVal;
+
+            // Update size from the normalized SVG (normalization may have
+            // changed dimensions, e.g. for Scratch 2 quirks-mode SVGs).
+            this._size[0] = width;
+            this._size[1] = height;
+
+            this._svgImage.onload = () => {
+                if (this._svgGeneration !== generation) return;
+
+                if (width === 0 || height === 0) {
+                    super.setEmptyImageData();
+                    return;
+                }
+
+                const maxDimension = Math.ceil(Math.max(width, height));
+                let testScale = 2;
+                for (testScale; maxDimension * testScale <= MAX_TEXTURE_DIMENSION; testScale *= 2) {
+                    this._maxTextureScale = testScale;
+                }
+
+                this.resetMIPs();
+
+                if (typeof rotationCenter === 'undefined') rotationCenter = this.calculateRotationCenter();
+                // Compensate for viewbox offset.
+                // See https://github.com/LLK/scratch-render/pull/90.
+                this._rotationCenter[0] = rotationCenter[0] - x;
+                this._rotationCenter[1] = rotationCenter[1] - y;
+
+                this._svgImageLoaded = true;
+
+                this.emit(Skin.Events.WasAltered);
+            };
 
-        this._svgImage.src = `data:image/svg+xml;utf8,${encodeURIComponent(svgText)}`;
+            this._svgImage.src = `data:image/svg+xml;utf8,${encodeURIComponent(svgText)}`;
+        });
     }
 
 }
diff --git a/packages/scratch-render/test/integration/skin-size-tests.js b/packages/scratch-render/test/integration/skin-size-tests.js
index 2d7db354150..aea4d1b2115 100644
--- a/packages/scratch-render/test/integration/skin-size-tests.js
+++ b/packages/scratch-render/test/integration/skin-size-tests.js
@@ -14,8 +14,8 @@ const indexHTML = path.resolve(__dirname, 'index.html');
 
     await test('SVG skin size set properly', async t => {
         t.plan(1);
-        const skinSize = await page.evaluate(() => {
-            const skinID = render.createSVGSkin(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 100"></svg>`);
+        const skinSize = await page.evaluate(async () => {
+            const skinID = await render.createSVGSkin(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 100"></svg>`);
             return render.getSkinSize(skinID);
         });
         t.same(skinSize, [50, 100]);
diff --git a/packages/scratch-render/test/integration/svg-skin-async-tests.js b/packages/scratch-render/test/integration/svg-skin-async-tests.js
new file mode 100644
index 00000000000..0edaf866984
--- /dev/null
+++ b/packages/scratch-render/test/integration/svg-skin-async-tests.js
@@ -0,0 +1,111 @@
+/* global render, requestAnimationFrame */
+/**
+ * Integration tests for SVGSkin.setSVG async pipeline and generation counter.
+ *
+ * Verifies that:
+ * - Rapid successive setSVG calls discard stale results (generation counter).
+ * - The async loadSvgString pipeline correctly updates skin size.
+ * - Superseded setSVG calls do not corrupt skin state.
+ *
+ * Requires built dist bundles: run `npm run build` in scratch-render and
+ * scratch-svg-renderer before running these tests.
+ */
+const {chromium} = require('playwright-chromium');
+const test = require('tap').test;
+const path = require('path');
+
+const indexHTML = path.resolve(__dirname, 'index.html');
+
+(async () => {
+    const browser = await chromium.launch();
+    const page = await browser.newPage();
+
+    await page.goto(`file://${indexHTML}`);
+
+    // Wait for the renderer to be ready.
+    await page.waitForFunction(() => typeof render !== 'undefined' && render.createSVGSkin);
+
+    await test('createSVGSkin with viewBox SVG resolves with correct size', async t => {
+        const skinSize = await page.evaluate(async () => {
+            const svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 75 120" width="75" height="120">' +
+                '<rect width="75" height="120" fill="red"/></svg>';
+            const skinId = await render.createSVGSkin(svg);
+            return render.getSkinSize(skinId);
+        });
+        t.same(skinSize, [75, 120]);
+    });
+
+    await test('createSVGSkin with viewBox but no width/height resolves with correct size', async t => {
+        const skinSize = await page.evaluate(async () => {
+            const svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 63 47">' +
+                '<rect width="63" height="47" fill="blue"/></svg>';
+            const skinId = await render.createSVGSkin(svg);
+            return render.getSkinSize(skinId);
+        });
+        t.same(skinSize, [63, 47]);
+    });
+
+    await test('rapid updateSVGSkin calls: only last SVG dimensions persist', async t => {
+        const result = await page.evaluate(async () => {
+            const small = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" width="10" height="10">' +
+                '<rect width="10" height="10" fill="red"/></svg>';
+            const medium = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50" width="50" height="50">' +
+                '<rect width="50" height="50" fill="green"/></svg>';
+            const large = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 150" width="200" height="150">' +
+                '<rect width="200" height="150" fill="blue"/></svg>';
+
+            // Create initial skin
+            const skinId = await render.createSVGSkin(small);
+
+            // Fire three rapid updates without awaiting the first two.
+            render.updateSVGSkin(skinId, small);
+            render.updateSVGSkin(skinId, medium);
+            const lastPromise = render.updateSVGSkin(skinId, large);
+
+            // Wait for the last one to settle.
+            await lastPromise;
+
+            // Give a frame for img.onload to fire.
+            await new Promise(resolve => requestAnimationFrame(resolve));
+
+            return render.getSkinSize(skinId);
+        });
+
+        // Only the last SVG (200x150) should be reflected.
+        t.same(result, [200, 150]);
+    });
+
+    await test('superseded setSVG load is discarded when a newer call wins', async t => {
+        const result = await page.evaluate(async () => {
+            // SVG without viewBox forces the async measurement path (slower).
+            const slowSvg = '<svg xmlns="http://www.w3.org/2000/svg">' +
+                '<rect x="0" y="0" width="30" height="25" fill="red"/></svg>';
+            // SVG with viewBox takes the fast path.
+            const fastSvg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 99 77" width="99" height="77">' +
+                '<rect width="99" height="77" fill="blue"/></svg>';
+
+            const skinId = await render.createSVGSkin(
+                '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1" width="1" height="1"></svg>'
+            );
+
+            // First: fire the slow measurement path (no viewBox).
+            render.updateSVGSkin(skinId, slowSvg);
+            // Immediately supersede with the fast path.
+            const fastPromise = render.updateSVGSkin(skinId, fastSvg);
+
+            await fastPromise;
+            // Wait for any stale callbacks to potentially fire.
+            await new Promise(resolve => setTimeout(resolve, 200));
+
+            return render.getSkinSize(skinId);
+        });
+
+        // The fast SVG (99x77) should win; the slow SVG's stale result should be discarded.
+        t.same(result, [99, 77]);
+    });
+
+    await browser.close();
+})().catch(err => {
+    console.error(err.message);
+    process.exit(1);
+});
diff --git a/packages/scratch-svg-renderer/eslint.config.mjs b/packages/scratch-svg-renderer/eslint.config.mjs
index c816685ea7d..638a7de215a 100644
--- a/packages/scratch-svg-renderer/eslint.config.mjs
+++ b/packages/scratch-svg-renderer/eslint.config.mjs
@@ -16,11 +16,24 @@ export default eslintConfigScratch.defineConfig(
             '*.{,c,m}js', // for example, webpack.config.js
             'test/**/*.{,c,m}js'
         ],
+        ignores: ['test/playwright/**/*.{,c,m}js'],
         extends: [eslintConfigScratch.legacy.node],
         languageOptions: {
             globals: globals.node
         }
     },
+    {
+        // Playwright test files run in Node but contain page.evaluate() callbacks
+        // that reference browser globals (window, document) executed in Chromium.
+        files: ['test/playwright/**/*.{,c,m}js'],
+        extends: [eslintConfigScratch.legacy.node],
+        languageOptions: {
+            globals: {
+                ...globals.node,
+                ...globals.browser
+            }
+        }
+    },
     globalIgnores([
         'dist/**/*',
         'node_modules/**/*',
diff --git a/packages/scratch-svg-renderer/package.json b/packages/scratch-svg-renderer/package.json
index 48a7668850b..501cf9dd7f8 100644
--- a/packages/scratch-svg-renderer/package.json
+++ b/packages/scratch-svg-renderer/package.json
@@ -14,10 +14,13 @@
   "license": "AGPL-3.0-only",
   "author": "Massachusetts Institute of Technology",
   "exports": {
-    "webpack": "./src/index.js",
-    "browser": "./dist/web/scratch-svg-renderer.js",
-    "node": "./dist/node/scratch-svg-renderer.js",
-    "default": "./src/index.js"
+    ".": {
+      "webpack": "./src/index.js",
+      "browser": "./dist/web/scratch-svg-renderer.js",
+      "node": "./dist/node/scratch-svg-renderer.js",
+      "default": "./src/index.js"
+    },
+    "./sandbox": "./src/sandbox/index.js"
   },
   "main": "./dist/node/scratch-svg-renderer.js",
   "browser": "./dist/web/scratch-svg-renderer.js",
@@ -37,6 +40,7 @@
     "start": "webpack-dev-server",
     "test": "npm run test:lint && npm run test:unit",
     "test:lint": "eslint",
+    "test:playwright": "playwright test",
     "test:unit": "tap ./test/*.js",
     "watch": "webpack --watch"
   },
@@ -55,12 +59,14 @@
     "css-tree": "3.2.1",
     "fastestsmallesttextencoderdecoder": "1.0.22",
     "isomorphic-dompurify": "2.36.0",
+    "svgo": "^4.0.1",
     "transformation-matrix": "1.15.3",
     "tslog": "4.10.2"
   },
   "devDependencies": {
     "@babel/core": "7.29.0",
     "@babel/preset-env": "7.29.3",
+    "@playwright/test": "1.59.1",
     "babel-loader": "9.2.1",
     "canvas": "3.2.3",
     "copy-webpack-plugin": "6.4.1",
diff --git a/packages/scratch-svg-renderer/playwright.config.js b/packages/scratch-svg-renderer/playwright.config.js
new file mode 100644
index 00000000000..525025df08c
--- /dev/null
+++ b/packages/scratch-svg-renderer/playwright.config.js
@@ -0,0 +1,30 @@
+// @ts-check
+const path = require('path');
+const {pathToFileURL} = require('url');
+const {defineConfig, devices} = require('@playwright/test');
+
+module.exports = defineConfig({
+    testDir: './test/playwright',
+
+    fullyParallel: true,
+    forbidOnly: !!process.env.CI,
+    retries: process.env.CI ? 1 : 0,
+
+    outputDir: 'test-results/playwright-artifacts',
+    reporter: [
+        ['list'],
+        ['html', {outputFolder: 'test-results/playwright-html', open: 'never'}]
+    ],
+
+    use: {
+        baseURL: `${pathToFileURL(path.resolve(__dirname, 'test/playwright'))}/`,
+        trace: 'on-first-retry'
+    },
+
+    projects: [
+        {
+            name: 'chromium',
+            use: {...devices['Desktop Chrome']}
+        }
+    ]
+});
diff --git a/packages/scratch-svg-renderer/src/canonicalize-svg.js b/packages/scratch-svg-renderer/src/canonicalize-svg.js
new file mode 100644
index 00000000000..333e8fdf8f9
--- /dev/null
+++ b/packages/scratch-svg-renderer/src/canonicalize-svg.js
@@ -0,0 +1,228 @@
+/**
+ * Canonicalize SVG text using SVGO 4 with a security-focused, deny-by-default
+ * plugin set.  Strips dangerous elements, attributes, and external references
+ * while preserving visual fidelity.
+ */
+
+const {ident} = require('css-tree/utils');
+const {
+    cssHasExternalUrls, filterCssText, isInternalRef, rawTextHasExternalUrls
+} = require('./util/svg-url-helpers');
+
+// Cache the SVGO module after first dynamic import.
+let _svgoPromise = null;
+const getSvgo = () => {
+    if (!_svgoPromise) {
+        _svgoPromise = import('svgo/browser');
+    }
+    return _svgoPromise;
+};
+
+/**
+ * Strip declarations with external url() references from a CSS declaration
+ * list string (used for style attributes).  Returns the cleaned string, or
+ * an empty string if everything was removed.
+ * @param {string} cssText raw CSS declaration list.
+ * @returns {string} cleaned CSS text.
+ */
+const stripExternalUrlDeclarations = cssText => {
+    try {
+        return filterCssText(cssText, 'declarationList');
+    } catch {
+        // Unparseable CSS — strip entirely rather than risk external loads.
+        return rawTextHasExternalUrls(ident.decode(cssText)) ? '' : cssText;
+    }
+};
+
+// ── Element / attribute classification ─────────────────────────────────────
+
+/** Elements removed entirely (children discarded). */
+const REMOVE_ELEMENTS = new Set([
+    'script',
+    'foreignObject',
+    'foreignobject', // case-normalized variant
+    // SVG animation elements
+    'animate',
+    'animateMotion',
+    'animateTransform',
+    'animateColor',
+    'set'
+]);
+
+/** Elements whose wrapper is removed but children are preserved. */
+const UNWRAP_ELEMENTS = new Set(['a']);
+
+/** Attributes that carry a direct URI reference. */
+const URI_ATTRS = new Set(['href', 'xlink:href']);
+
+/**
+ * Normalize an attribute name for security checks.
+ *
+ * Applies NFKC to collapse full-width and other compatibility equivalents
+ * (e.g. ｏｎclick → onclick), then strips U+200C (ZWNJ) and U+200D (ZWJ),
+ * which are valid XML name characters and can be embedded invisibly to break
+ * naive prefix checks (e.g. on\u200Cclick).  All legitimate SVG attribute
+ * names are pure ASCII so these transformations produce no false positives.
+ * @param {string} name raw attribute name from the parsed SVG AST.
+ * @returns {string} normalized attribute name.
+ */
+const normalizeAttrName = name =>
+    name.normalize('NFKC').replace(/[\u200C\u200D]/g, '');
+
+const isEventHandler = name => /^on/i.test(normalizeAttrName(name));
+
+// ── SVGO custom plugins ───────────────────────────────────────────────────
+
+/**
+ * Remove dangerous elements (script, foreignObject, animation) and unwrap
+ * anchor elements (preserve children, drop the <a> wrapper).
+ */
+const removeDangerousElements = {
+    name: 'removeDangerousElements',
+    fn: () => ({
+        element: {
+            enter: (node, parentNode) => {
+                if (REMOVE_ELEMENTS.has(node.name)) {
+                    parentNode.children = parentNode.children.filter(
+                        child => child !== node
+                    );
+                    return;
+                }
+                if (UNWRAP_ELEMENTS.has(node.name)) {
+                    parentNode.children = parentNode.children.flatMap(
+                        child => (child === node ? node.children : [child])
+                    );
+                }
+            }
+        }
+    })
+};
+
+/**
+ * Remove event-handler attributes (on*) and external href / xlink:href
+ * references.  Strip individual external-url declarations from style
+ * attributes; remove presentation attributes that reference external URLs.
+ */
+const removeDangerousAttributes = {
+    name: 'removeDangerousAttributes',
+    fn: () => ({
+        element: {
+            enter: node => {
+                for (const attr of Object.keys(node.attributes)) {
+                    const normalizedAttr = normalizeAttrName(attr);
+                    if (isEventHandler(attr)) {
+                        delete node.attributes[attr];
+                        continue;
+                    }
+
+                    // Direct URI attributes (href, xlink:href)
+                    if (URI_ATTRS.has(normalizedAttr)) {
+                        const val = node.attributes[attr];
+                        if (val && !isInternalRef(val.replace(/\s/g, ''))) {
+                            delete node.attributes[attr];
+                        }
+                        continue;
+                    }
+
+                    // style attribute — strip only the offending declarations
+                    if (normalizedAttr === 'style') {
+                        const cleaned = stripExternalUrlDeclarations(
+                            node.attributes.style
+                        );
+                        if (cleaned) {
+                            node.attributes.style = cleaned;
+                        } else {
+                            delete node.attributes.style;
+                        }
+                        continue;
+                    }
+
+                    // Presentation attributes that might carry url()
+                    const val = node.attributes[attr];
+                    if (val && /url\s*\(/i.test(val) &&
+                        cssHasExternalUrls(val, 'value')) {
+                        delete node.attributes[attr];
+                    }
+                }
+            }
+        }
+    })
+};
+
+// ── Plugin pipeline ────────────────────────────────────────────────────────
+
+/**
+ * Deny-by-default plugin list.  Order matters:
+ * 1. Inline styles from <style> before removing <style> elements.
+ * 2. Remove <style>, <script>, and other dangerous elements.
+ * 3. Strip dangerous attributes and external references.
+ * 4. Cleanup metadata, comments, doctypes.
+ * 5. Sort attributes for deterministic (fixed-point) output.
+ */
+const CANONICALIZE_PLUGINS = [
+    // Inline CSS from <style> into element style attributes so visual
+    // appearance is preserved when we remove <style> elements next.
+    {
+        name: 'inlineStyles',
+        params: {
+            onlyMatchedOnce: false,
+            removeMatchedSelectors: true
+        }
+    },
+    'removeStyleElement',
+    'removeScripts',
+    removeDangerousElements,
+    removeDangerousAttributes,
+    'removeDoctype',
+    'removeXMLProcInst',
+    'removeComments',
+    'removeMetadata',
+    'removeEditorsNSData',
+    'sortAttrs'
+];
+
+// ── Public API ─────────────────────────────────────────────────────────────
+
+/**
+ * Canonicalize an SVG string for safe consumption.
+ *
+ * Uses SVGO 4 with a deny-by-default plugin set that strips:
+ * - `<script>`, `<style>`, `<foreignObject>`, `<a>`, animation elements
+ * - Event-handler attributes (on*)
+ * - External `href` / `xlink:href` references
+ * - External CSS `url()` references
+ *
+ * The output is a fixed point: canonicalize(canonicalize(x)) === canonicalize(x).
+ *
+ * Async because SVGO 4's browser-safe bundle is ESM-only; dynamic import()
+ * resolves cleanly under both Node and webpack.
+ * @param {string} svgText raw SVG string.
+ * @returns {Promise<string>} canonicalized SVG string.
+ */
+const canonicalizeSvgText = async svgText => {
+    const {optimize} = await getSvgo();
+
+    try {
+        const result = optimize(svgText, {
+            multipass: true,
+            plugins: CANONICALIZE_PLUGINS
+        });
+        return result.data;
+    } catch (e) {
+        // SVGO's SAX parser is stricter than browser DOMParser and rejects
+        // some real-world SVGs (Illustrator custom entities, intentionally
+        // malformed attack inputs, etc.).  Return the input unchanged so
+        // downstream layers (sanitizeSvgText / the iframe sandbox) still
+        // get a chance to process it.
+
+        // TODO: Would we want to deny this SVG entirely, instead of letting it passthrough?
+
+        // eslint-disable-next-line no-console
+        console.warn(
+            `canonicalizeSvgText: SVGO could not parse input (${e.reason || e.message}); returning unmodified`
+        );
+        return svgText;
+    }
+};
+
+module.exports = canonicalizeSvgText;
diff --git a/packages/scratch-svg-renderer/src/index.js b/packages/scratch-svg-renderer/src/index.js
index 5a6c636e23a..d0d73371d86 100644
--- a/packages/scratch-svg-renderer/src/index.js
+++ b/packages/scratch-svg-renderer/src/index.js
@@ -1,5 +1,6 @@
 const SVGRenderer = require('./svg-renderer');
 const BitmapAdapter = require('./bitmap-adapter');
+const canonicalizeSvgText = require('./canonicalize-svg');
 const inlineSvgFonts = require('./font-inliner');
 const loadSvgString = require('./load-svg-string');
 const sanitizeSvg = require('./sanitize-svg');
@@ -12,6 +13,7 @@ const convertFonts = require('./font-converter');
 //  */
 module.exports = {
     BitmapAdapter: BitmapAdapter,
+    canonicalizeSvgText: canonicalizeSvgText,
     convertFonts: convertFonts,
     inlineSvgFonts: inlineSvgFonts,
     loadSvgString: loadSvgString,
diff --git a/packages/scratch-svg-renderer/src/load-svg-string.js b/packages/scratch-svg-renderer/src/load-svg-string.js
index f6c50badf3f..41cf2eb213f 100644
--- a/packages/scratch-svg-renderer/src/load-svg-string.js
+++ b/packages/scratch-svg-renderer/src/load-svg-string.js
@@ -2,6 +2,30 @@ const SvgElement = require('./svg-element');
 const convertFonts = require('./font-converter');
 const transformStrokeWidths = require('./transform-applier');
 const {sanitizeSvgText} = require('./sanitize-svg');
+const {Sandbox} = require('./sandbox/index');
+const {createMeasureSvgScript} = require('./sandbox/measure-svg-script');
+const getFonts = require('scratch-render-fonts');
+
+/**
+ * Singleton sandbox for measuring SVG bounding boxes inside a sandboxed
+ * iframe. Lazily created on the first call to `transformMeasurements`.
+ * @type {Sandbox | null}
+ */
+let measurementSandbox = null;
+
+/**
+ * Get (or create) the singleton measurement sandbox.
+ * @returns {Sandbox} The shared sandbox instance for SVG measurement.
+ */
+const getMeasurementSandbox = () => {
+    if (!measurementSandbox) {
+        const fonts = getFonts();
+        const fontCSS = Object.values(fonts).join('');
+        const script = createMeasureSvgScript(fontCSS);
+        measurementSandbox = new Sandbox(script);
+    }
+    return measurementSandbox;
+};
 
 /**
  * @param {SVGElement} svgTag the tag to search within
@@ -191,39 +215,22 @@ const findLargestStrokeWidth = rootNode => {
  * In Scratch 2.0, SVGs are drawn without respect to the width,
  * height, and viewBox attribute on the tag. The exporter
  * does output these properties - but they appear to be incorrect often.
- * To address the incorrect measurements, we append the DOM to the
- * document, and then use SVG's native `getBBox` to find the real
- * drawn dimensions. This ensures things drawn in negative dimensions,
+ * To address the incorrect measurements, we send the SVG to a
+ * sandboxed iframe and use `getBBox` there to find the real drawn
+ * dimensions. This ensures things drawn in negative dimensions,
  * outside the given viewBox, etc., are all eventually drawn to the canvas.
- * I tried to do this several other ways: stripping the width/height/viewBox
- * attributes and then drawing (Firefox won't draw anything),
- * or inflating them and then measuring a canvas. But this seems to be
- * a natural and performant way.
  * @param {SVGSVGElement} svgTag the SVG tag to apply the transformation to
+ * @returns {Promise<void>} Resolves once the measurements have been applied.
  */
-const transformMeasurements = svgTag => {
-    // Append the SVG dom to the document.
-    // This allows us to use `getBBox` on the page,
-    // which returns the full bounding-box of all drawn SVG
-    // elements, similar to how Scratch 2.0 did measurement.
-    const svgSpot = document.createElement('span');
-    let bbox;
-    try {
-        // Insert sanitized value.
-        svgSpot.innerHTML = svgTag.outerHTML;
-        document.body.appendChild(svgSpot);
-        // Take the bounding box. We have to get elements via svgSpot
-        // because we added it via innerHTML.
-        bbox = svgSpot.children[0].getBBox();
-    } finally {
-        // Always destroy the element, even if, for example, getBBox throws.
-        document.body.removeChild(svgSpot);
-    }
+const transformMeasurements = async svgTag => {
+    const sandbox = getMeasurementSandbox();
+    const svgString = svgTag.outerHTML;
+    const bbox = await sandbox.send(svgString);
 
-    // Enlarge the bbox from the largest found stroke width
-    // This may have false-positives, but at least the bbox will always
-    // contain the full graphic including strokes.
-    // If the width or height is zero however, don't enlarge since
+    // Enlarge the bbox from the largest found stroke width.
+    // Stroke-width enlargement stays in the parent because it
+    // walks the SVG DOM which is already parsed in-process.
+    // If the width or height is zero, don't enlarge since
     // they won't have a stroke width that needs to be enlarged.
     let halfStrokeWidth;
     if (bbox.width === 0 || bbox.height === 0) {
@@ -263,10 +270,13 @@ const setGradientStrokeRoundedness = svgTag => {
 
 /**
  * In-place, convert passed SVG to something consistent that will be rendered the way we want them to be.
- * @param {SVGSvgElement} svgTag root SVG node to operate upon
+ * All synchronous DOM transforms run first; the async iframe measurement
+ * (if needed) runs last.
+ * @param {SVGSVGElement} svgTag root SVG node to operate upon
  * @param {boolean} [fromVersion2] True if we should perform conversion from version 2 to version 3 svg.
+ * @returns {Promise<void>} Resolves when normalization (including any async measurement) is complete.
  */
-const normalizeSvg = (svgTag, fromVersion2) => {
+const normalizeSvg = async (svgTag, fromVersion2) => {
     if (fromVersion2) {
         // Fix gradients. Scratch 2 exports no x2 when x2 = 0, but
         // SVG default is that x2 is 1. This must be done before
@@ -279,13 +289,13 @@ const normalizeSvg = (svgTag, fromVersion2) => {
     if (fromVersion2) {
         // Transform all text elements.
         transformText(svgTag);
-        // Transform measurements.
-        transformMeasurements(svgTag);
         // Fix stroke roundedness.
         setGradientStrokeRoundedness(svgTag);
+        // Transform measurements
+        await transformMeasurements(svgTag);
     } else if (!svgTag.getAttribute('viewBox')) {
         // Renderer expects a view box.
-        transformMeasurements(svgTag);
+        await transformMeasurements(svgTag);
     } else if (!svgTag.getAttribute('width') || !svgTag.getAttribute('height')) {
         svgTag.setAttribute('width', svgTag.viewBox.baseVal.width);
         svgTag.setAttribute('height', svgTag.viewBox.baseVal.height);
@@ -300,14 +310,13 @@ const normalizeSvg = (svgTag, fromVersion2) => {
  * mimic Scratch 2.0's SVG rendering.
  * @param {!string} svgString String of SVG data to draw in quirks-mode.
  * @param {boolean} [fromVersion2] True if we should perform conversion from version 2 to version 3 svg.
- * @returns {SVGSVGElement} The normalized SVG element.
+ * @returns {Promise<SVGSVGElement>} Resolves with the normalized SVG element.
  */
-const loadSvgString = (svgString, fromVersion2) => {
+const loadSvgString = async (svgString, fromVersion2) => {
     // Parse string into SVG XML.
     const parser = new DOMParser();
 
-    // Since we're adding user-provided SVG to document.body as part of normalization,
-    // sanitization is required. This should not affect bounding box calculation.
+    // Sanitization is required before any processing.
     const sanitizedSvgString = sanitizeSvgText(svgString);
     const svgDom = parser.parseFromString(sanitizedSvgString, 'text/xml');
     if (svgDom.childNodes.length < 1 ||
@@ -315,7 +324,7 @@ const loadSvgString = (svgString, fromVersion2) => {
         throw new Error('Document does not appear to be SVG.');
     }
     const svgTag = svgDom.documentElement;
-    normalizeSvg(svgTag, fromVersion2);
+    await normalizeSvg(svgTag, fromVersion2);
     return svgTag;
 };
 
diff --git a/packages/scratch-svg-renderer/src/sandbox/iframe-html.js b/packages/scratch-svg-renderer/src/sandbox/iframe-html.js
new file mode 100644
index 00000000000..09aa7921b59
--- /dev/null
+++ b/packages/scratch-svg-renderer/src/sandbox/iframe-html.js
@@ -0,0 +1,79 @@
+/**
+ * HTML template injected into sandboxed iframes via `srcdoc`.
+ *
+ * The iframe receives:
+ *   - A strict Content-Security-Policy via <meta> (default-src 'none';
+ *     script-src 'unsafe-inline' 'unsafe-eval').
+ *   - A runner <script> that:
+ *       1. Waits for `message` events from the parent.
+ *       2. If `__sandbox_script` is present, evaluates it to define
+ *          `window.onSandboxMessage`. The script is sent only with the
+ *          first message; subsequent messages reuse the handler.
+ *       3. Invokes `onSandboxMessage` with the payload and posts the
+ *          result back.
+ *       4. Reports errors back to the parent as `{__sandbox_error: message}`.
+ *
+ * Messages use `__sandbox_payload` / `__sandbox_result`
+ * Batching is the caller's responsibility — pass an array as the payload
+ * and handle it in the `onSandboxMessage` function.
+ *
+ * The caller's script must synchronously assign `window.onSandboxMessage` to a
+ * function that accepts a payload and returns a result (or a Promise of a result).
+ */
+const CSP = "default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval'; " +
+    "style-src 'unsafe-inline'; font-src data:;";
+
+const IFRAME_HTML = `<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="${CSP}">
+</head>
+<body>
+<script>
+window.addEventListener('message', function (event) {
+    try {
+        var scriptText = event.data.__sandbox_script;
+        var payload = event.data.__sandbox_payload;
+        var ticket = event.data.__sandbox_ticket;
+
+        // Evaluate the caller's script if provided. The script is sent only
+        // with the first message; subsequent messages reuse the
+        // previously-defined onSandboxMessage handler.
+        if (scriptText != null) {
+            (0, eval)(scriptText);
+        }
+
+        if (typeof window.onSandboxMessage !== 'function') {
+            throw new Error('Script did not define window.onSandboxMessage');
+        }
+
+        // targetOrigin '*' is intentional: this iframe has an opaque origin
+        // (sandbox="allow-scripts" without allow-same-origin), so event.origin
+        // is always 'null' and cannot be used as a reliable targetOrigin across
+        // browsers and serving contexts. The parent-side listener guards with
+        // event.source === iframe.contentWindow, providing the necessary filtering.
+        Promise.resolve(window.onSandboxMessage(payload)).then(function (result) {
+            parent.postMessage({__sandbox_result: result, __sandbox_ticket: ticket}, '*');
+        }).catch(function (err) {
+            parent.postMessage({
+                __sandbox_error: err && err.message || String(err),
+                __sandbox_ticket: ticket
+            }, '*');
+        });
+    } catch (err) {
+        parent.postMessage({
+            __sandbox_error: err && err.message || String(err),
+            __sandbox_ticket: event.data && event.data.__sandbox_ticket
+        }, '*');
+    }
+});
+</script>
+</body>
+</html>`;
+
+// Support both CommonJS (Node / bundler) and plain browser <script> inclusion.
+if (typeof module === 'undefined') {
+    window.IFRAME_HTML = IFRAME_HTML;
+} else {
+    module.exports = {IFRAME_HTML};
+}
diff --git a/packages/scratch-svg-renderer/src/sandbox/index.js b/packages/scratch-svg-renderer/src/sandbox/index.js
new file mode 100644
index 00000000000..89ad6188b3f
--- /dev/null
+++ b/packages/scratch-svg-renderer/src/sandbox/index.js
@@ -0,0 +1,181 @@
+// Support both CommonJS (Node / bundler) and plain browser <script> inclusion.
+// In browser context, iframe-html.js must be loaded first via a <script> tag
+// so that window.IFRAME_HTML is already defined before this script runs.
+// The entire module body is wrapped in an IIFE, so that top-level `const`
+// declarations don't collide with those in iframe-html.js when both scripts
+// share a single browser page scope.
+(function () {
+    const IFRAME_HTML = typeof module === 'undefined' ?
+        window.IFRAME_HTML :
+        require('./iframe-html').IFRAME_HTML;
+
+    const DEFAULT_TIMEOUT_MS = 30000;
+
+    /**
+     * A sandboxed iframe that runs caller-provided scripts in an opaque-origin
+     * context. The iframe uses `sandbox="allow-scripts"` without
+     * `allow-same-origin`, giving it an opaque origin that cannot access the
+     * parent's DOM, cookies, or storage. A strict Content-Security-Policy
+     * (`default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval'`) blocks
+     * network requests and external resource loads.
+     *
+     * The iframe is lazily created on the first `send()` call and reused for
+     * all subsequent calls until `destroy()` is called. After `destroy()`, the
+     * next `send()` creates a fresh iframe.
+     */
+    class Sandbox {
+    /**
+     * @param {string} script JavaScript source that must synchronously
+     *     define `window.onSandboxMessage = function (payload) { ... }`.
+     *     The function receives a single structured-cloneable value and
+     *     must return a result (or a Promise of a result).
+     * @param {object} [options] Configuration options.
+     * @param {number} [options.timeoutMs] Per-send timeout in
+     *     milliseconds (default 30000). Set to 0 to disable.
+     */
+        constructor (script, {timeoutMs = DEFAULT_TIMEOUT_MS} = {}) {
+            // Defensive copy so a caller mutating the original string after construction
+            // doesn't affect a sandbox that has already been created but not yet sent.
+            this._script = String(script);
+            this._timeoutMs = timeoutMs;
+            this._iframe = null;
+            this._ready = null;
+            this._onMessage = null;
+            this._pendingTickets = new Map();
+            this._scriptSent = false;
+            this._nextTicket = 1;
+        }
+
+        /**
+         * Lazily create the sandboxed iframe and wait for it to load.
+         * @returns {Promise<void>}
+         */
+        _ensureIframe () {
+            if (this._ready) return this._ready;
+
+            const iframe = document.createElement('iframe');
+            iframe.setAttribute('sandbox', 'allow-scripts');
+            // Use visibility:hidden instead of display:none so the iframe's
+            // rendering tree stays active. This is required for DOM
+            // measurement APIs (e.g. getBBox) to return correct values.
+            iframe.style.position = 'absolute';
+            iframe.style.visibility = 'hidden';
+            iframe.style.width = '0';
+            iframe.style.height = '0';
+            iframe.style.border = 'none';
+            iframe.style.overflow = 'hidden';
+            iframe.style.pointerEvents = 'none';
+            this._iframe = iframe;
+
+            this._onMessage = event => {
+                // The sandboxed iframe (no allow-same-origin) always has an opaque origin,
+                // reported as 'null'. Combined with the source check, this is defense-in-depth.
+                if (event.origin !== 'null') return;
+                if (event.source !== iframe.contentWindow) return;
+                const data = event.data;
+                if (!data || typeof data.__sandbox_ticket === 'undefined') return;
+
+                const pending = this._pendingTickets.get(data.__sandbox_ticket);
+                if (!pending) return;
+
+                this._pendingTickets.delete(data.__sandbox_ticket);
+                if (pending.timeoutId !== null) {
+                    clearTimeout(pending.timeoutId);
+                }
+
+                if (typeof data.__sandbox_error === 'undefined') {
+                    pending.resolve(data.__sandbox_result);
+                } else {
+                    pending.reject(new Error(data.__sandbox_error));
+                }
+            };
+
+            window.addEventListener('message', this._onMessage);
+
+            this._ready = new Promise((resolve, reject) => {
+                iframe.addEventListener('load', () => resolve());
+                // The 'error' event on an iframe element is a generic Event, not
+                // an ErrorEvent — it has no .message property. Use a static message.
+                iframe.addEventListener('error', () => {
+                    reject(new Error('Sandbox iframe failed to load'));
+                });
+            });
+
+            iframe.srcdoc = IFRAME_HTML;
+            document.body.appendChild(iframe);
+
+            return this._ready;
+        }
+
+        /**
+         * Send a payload to the iframe and return the result.
+         *
+         * The payload can be any structured-cloneable value. If you need to
+         * process multiple items in a single round-trip, pass an array as the
+         * payload and handle it in your `onSandboxMessage` function.
+         * @param {object} payload The value to pass to onSandboxMessage.
+         * @returns {Promise<object>} The value returned by onSandboxMessage.
+         */
+        async send (payload) {
+            await this._ensureIframe();
+
+            const ticket = this._nextTicket++;
+            const message = {
+                __sandbox_payload: payload,
+                __sandbox_ticket: ticket
+            };
+
+            if (!this._scriptSent) {
+                message.__sandbox_script = this._script;
+                this._scriptSent = true;
+            }
+
+            return new Promise((resolve, reject) => {
+                let timeoutId = null;
+                if (this._timeoutMs > 0) {
+                    timeoutId = setTimeout(() => {
+                        this._pendingTickets.delete(ticket);
+                        reject(new Error(
+                            `Sandbox: timed out after ${this._timeoutMs}ms`
+                        ));
+                    }, this._timeoutMs);
+                }
+
+                this._pendingTickets.set(ticket, {resolve, reject, timeoutId});
+                this._iframe.contentWindow.postMessage(message, '*');
+            });
+        }
+
+        /**
+         * Tear down the iframe and reject any in-flight calls.
+         * After `destroy()`, the next `send()` lazily creates a fresh iframe.
+         */
+        destroy () {
+            for (const pending of this._pendingTickets.values()) {
+                if (pending.timeoutId !== null) {
+                    clearTimeout(pending.timeoutId);
+                }
+                pending.reject(new Error('Sandbox destroyed'));
+            }
+            this._pendingTickets.clear();
+
+            if (this._onMessage) {
+                window.removeEventListener('message', this._onMessage);
+                this._onMessage = null;
+            }
+
+            if (this._iframe && this._iframe.parentNode) {
+                this._iframe.parentNode.removeChild(this._iframe);
+            }
+            this._iframe = null;
+            this._ready = null;
+            this._scriptSent = false;
+        }
+    }
+
+    if (typeof module === 'undefined') {
+        window.Sandbox = Sandbox;
+    } else {
+        module.exports = {Sandbox};
+    }
+}()); // end IIFE
diff --git a/packages/scratch-svg-renderer/src/sandbox/measure-svg-script.js b/packages/scratch-svg-renderer/src/sandbox/measure-svg-script.js
new file mode 100644
index 00000000000..6ac34720706
--- /dev/null
+++ b/packages/scratch-svg-renderer/src/sandbox/measure-svg-script.js
@@ -0,0 +1,85 @@
+/**
+ * Build the script string that runs inside a sandboxed iframe to measure
+ * SVG bounding boxes via `getBBox()`.
+ *
+ * The returned script injects Scratch's `\@font-face` rules into the iframe
+ * document and eagerly loads all registered fonts so that text-bearing
+ * SVGs produce accurate bounding boxes.
+ * @param {string} fontCSS Concatenated `\@font-face` CSS rules for all
+ *     Scratch fonts (from scratch-render-fonts). Each rule should use a
+ *     `data:` URI so fonts load without network access.
+ * @returns {string} Script source to pass to `new Sandbox(script)`.
+ */
+const createMeasureSvgScript = fontCSS => {
+    const fontCSSLiteral = JSON.stringify(fontCSS);
+
+    // The script is eval'd inside the sandboxed iframe. It must use only
+    // ES5-compatible syntax (no arrow functions, no const/let in loops)
+    // for maximum browser compatibility, since the iframe runs whatever
+    // the browser ships natively — no transpilation.
+    return `(function () {
+    // Inject Scratch font @font-face rules into the iframe document.
+    var style = document.createElement('style');
+    style.textContent = ${fontCSSLiteral};
+    document.head.appendChild(style);
+
+    // Eagerly load every registered font face. The fonts use data: URIs
+    // so this is essentially instant (no network), but the browser still
+    // needs to decode and register them before getBBox returns accurate
+    // results for text-bearing SVGs.
+    var fontPromises = [];
+    document.fonts.forEach(function (f) {
+        fontPromises.push(f.load().catch(function () {
+            // Ignore individual font-load failures; not every font is
+            // used by every measured SVG.
+        }));
+    });
+    var fontsReady = Promise.all(fontPromises);
+
+    /**
+     * Measure a single SVG string and return its bounding box.
+     */
+    function measureSvg(svgString) {
+        var container = document.createElement('span');
+        try {
+            container.innerHTML = svgString;
+            document.body.appendChild(container);
+            var svgEl = container.children[0];
+            if (!svgEl || typeof svgEl.getBBox !== 'function') {
+                throw new Error('SVG element not found or does not support getBBox');
+            }
+            var bbox = svgEl.getBBox();
+            return {
+                x: bbox.x,
+                y: bbox.y,
+                width: bbox.width,
+                height: bbox.height
+            };
+        } finally {
+            if (container.parentNode) {
+                container.parentNode.removeChild(container);
+            }
+        }
+    }
+
+    window.onSandboxMessage = function (payload) {
+        var isBatch = Array.isArray(payload);
+        var items = isBatch ? payload : [payload];
+
+        return fontsReady.then(function () {
+            var results = [];
+            for (var i = 0; i < items.length; i++) {
+                results.push(measureSvg(items[i]));
+            }
+            return isBatch ? results : results[0];
+        });
+    };
+})();`;
+};
+
+// Support both CommonJS (Node / bundler) and plain browser <script> inclusion.
+if (typeof module === 'undefined') {
+    window.createMeasureSvgScript = createMeasureSvgScript;
+} else {
+    module.exports = {createMeasureSvgScript};
+}
diff --git a/packages/scratch-svg-renderer/src/sanitize-svg.js b/packages/scratch-svg-renderer/src/sanitize-svg.js
index a8cdb96d8b1..2aec93b72b4 100644
--- a/packages/scratch-svg-renderer/src/sanitize-svg.js
+++ b/packages/scratch-svg-renderer/src/sanitize-svg.js
@@ -3,75 +3,11 @@
  * as possible
  */
 const fixupSvgString = require('./fixup-svg-string');
-const {generate, parse, walk} = require('css-tree');
-const {ident} = require('css-tree/utils');
 const DOMPurify = require('isomorphic-dompurify');
+const {cssHasExternalUrls, filterCssText, isInternalRef} = require('./util/svg-url-helpers');
 
 const sanitizeSvg = {};
 
-const isInternalRef = ref => ref.startsWith('#') || ref.toLowerCase().startsWith('data:');
-
-/**
- * Check if raw CSS text contains an external url() reference via regex.
- * Used for Raw nodes (e.g. custom property values) that css-tree doesn't fully parse.
- * @param {string} text - raw CSS text to check
- * @returns {boolean} true if an external url() reference was found
- */
-const rawTextHasExternalUrls = text => {
-    const normalized = text.toLowerCase().replace(/\s/g, '');
-    const urlPattern = /url\((.+?)\)/g;
-    let match;
-    while ((match = urlPattern.exec(normalized)) !== null) {
-        const ref = match[1].replace(/['"]/g, '');
-        if (!isInternalRef(ref)) return true;
-    }
-    return false;
-};
-
-/**
- * Walk a css-tree AST and return true if any Url node references an external resource.
- * Also checks Raw nodes, which css-tree produces for custom property values and other
- * unparsed content that could still contain url() references.
- * @param {import('css-tree').CssNode} ast - The CSS tree or subtree to walk
- * @returns {boolean} True if an external url() reference was found
- */
-const astHasExternalUrls = ast => {
-    let found = false;
-    walk(ast, node => {
-        if (node.type === 'Url') {
-            const urlValue = node.value.trim().replace(/['"]/g, '');
-            if (!isInternalRef(urlValue)) {
-                found = true;
-            }
-        }
-        if (node.type === 'Raw' && rawTextHasExternalUrls(node.value)) {
-            found = true;
-        }
-    });
-    return found;
-};
-
-/**
- * Canonicalize a CSS string and check it for external url() references.
- * Canonicalization: decode CSS escapes, then parse through css-tree so that all syntax
- * variations (quoting, whitespace, comments, escapes) are normalized into AST nodes.
- * @param {string} cssText - raw CSS text
- * @param {string} parseContext - css-tree parse context: 'value' for a single CSS value
- *   (presentation attributes like fill, stroke), or 'declarationList' for style attributes.
- * @returns {boolean} true if an external url() reference was found
- */
-const cssHasExternalUrls = (cssText, parseContext) => {
-    const decoded = ident.decode(cssText);
-    try {
-        return astHasExternalUrls(parse(decoded, {context: parseContext}));
-    } catch {
-        // If css-tree can't parse it, conservatively check the decoded text.
-        // This handles edge cases where creative syntax breaks the parser but
-        // a browser might still interpret a url() call.
-        return rawTextHasExternalUrls(decoded);
-    }
-};
-
 // Attributes that directly reference a URI (not via CSS url())
 const URI_ATTRIBUTES = new Set(['href', 'xlink:href']);
 
@@ -107,28 +43,9 @@ DOMPurify.addHook(
     (node, data) => {
         if (data.tagName === 'style') {
             try {
-                // Canonicalize: decode CSS escapes then parse, so css-tree sees
-                // normalized tokens (e.g. \75\72\6c becomes url).
-                const decodedCss = ident.decode(node.textContent);
-                const ast = parse(decodedCss);
-                let isModified = decodedCss !== node.textContent;
-
-                walk(ast, (astNode, item, list) => {
-                    // @import rules
-                    if (astNode.type === 'Atrule' && astNode.name.toLowerCase() === 'import') {
-                        list.remove(item);
-                        isModified = true;
-                    }
-
-                    // Declarations using url(...) for external resources
-                    if (astNode.type === 'Declaration' && astNode.value && astHasExternalUrls(astNode.value)) {
-                        list.remove(item);
-                        isModified = true;
-                    }
-                });
-
-                if (isModified) {
-                    node.textContent = generate(ast);
+                const cleaned = filterCssText(node.textContent, null, {removeImports: true});
+                if (cleaned !== node.textContent) {
+                    node.textContent = cleaned;
                 }
             } catch {
                 // If CSS parsing fails, remove the style content entirely
diff --git a/packages/scratch-svg-renderer/src/svg-renderer.js b/packages/scratch-svg-renderer/src/svg-renderer.js
index e95b32776d6..57afb134ab0 100644
--- a/packages/scratch-svg-renderer/src/svg-renderer.js
+++ b/packages/scratch-svg-renderer/src/svg-renderer.js
@@ -77,11 +77,12 @@ class SvgRenderer {
      * @param {!string} svgString String of SVG data to draw in quirks-mode.
      * @param {?boolean} fromVersion2 True if we should perform conversion from
      *     version 2 to version 3 svg.
+     * @returns {Promise<void>} Resolves when the SVG has been loaded and normalized.
      */
-    loadString (svgString, fromVersion2) {
+    async loadString (svgString, fromVersion2) {
         // New svg string invalidates the cached image
         this._cachedImage = null;
-        const svgTag = loadSvgString(svgString, fromVersion2);
+        const svgTag = await loadSvgString(svgString, fromVersion2);
 
         this._svgTag = svgTag;
         this._measurements = {
@@ -99,8 +100,9 @@ class SvgRenderer {
      * @param {Function} [onFinish] - An optional callback to call when the SVG is loaded and can be rendered.
      */
     loadSVG (svgString, fromVersion2, onFinish) {
-        this.loadString(svgString, fromVersion2);
-        this._createSVGImage(onFinish);
+        this.loadString(svgString, fromVersion2).then(() => {
+            this._createSVGImage(onFinish);
+        });
     }
 
     /**
diff --git a/packages/scratch-svg-renderer/src/util/svg-url-helpers.js b/packages/scratch-svg-renderer/src/util/svg-url-helpers.js
new file mode 100644
index 00000000000..3e5b70b7c65
--- /dev/null
+++ b/packages/scratch-svg-renderer/src/util/svg-url-helpers.js
@@ -0,0 +1,122 @@
+/**
+ * Shared helpers for detecting and filtering external URL references in SVG
+ * attributes and CSS.
+ */
+
+const {generate, parse, walk} = require('css-tree');
+const {ident} = require('css-tree/utils');
+
+/**
+ * Return true if a URL string is an internal document reference (fragment) or
+ * a data URI.  Everything else is considered external.
+ * @param {string} ref URL string to test.
+ * @returns {boolean} true if the ref is a fragment identifier or data URI.
+ */
+const isInternalRef = ref =>
+    ref.startsWith('#') || ref.toLowerCase().startsWith('data:');
+
+/**
+ * Check if raw CSS text contains an external url() reference via regex.
+ * Used for Raw nodes (e.g. custom property values) that css-tree doesn't
+ * fully parse.
+ * @param {string} text raw CSS text to check.
+ * @returns {boolean} true if an external url() reference was found.
+ */
+const rawTextHasExternalUrls = text => {
+    const normalized = text.toLowerCase().replace(/\s/g, '');
+    const urlPattern = /url\((.+?)\)/g;
+    let match;
+    while ((match = urlPattern.exec(normalized)) !== null) {
+        const ref = match[1].replace(/['"]/g, '');
+        if (!isInternalRef(ref)) return true;
+    }
+    return false;
+};
+
+/**
+ * Walk a css-tree AST and return true if any Url node references an external
+ * resource.  Also checks Raw nodes, which css-tree produces for custom
+ * property values and other unparsed content that could still contain url()
+ * references.
+ * @param {import('css-tree').CssNode} ast css-tree AST node.
+ * @returns {boolean} true if an external url() reference was found.
+ */
+const astHasExternalUrls = ast => {
+    let found = false;
+    walk(ast, node => {
+        if (node.type === 'Url') {
+            const urlValue = node.value.trim().replace(/['"]/g, '');
+            if (!isInternalRef(urlValue)) {
+                found = true;
+            }
+        }
+        if (node.type === 'Raw' && rawTextHasExternalUrls(node.value)) {
+            found = true;
+        }
+    });
+    return found;
+};
+
+/**
+ * Canonicalize a CSS string and check it for external url() references.
+ * Decodes CSS escapes then parses through css-tree so that all syntax
+ * variations (quoting, whitespace, comments, escapes) are normalized into AST
+ * nodes.
+ * @param {string} cssText raw CSS text.
+ * @param {string} parseContext css-tree parse context: 'value' for a single
+ *   CSS value (presentation attributes like fill, stroke), or
+ *   'declarationList' for style attributes.
+ * @returns {boolean} true if an external url() reference was found.
+ */
+const cssHasExternalUrls = (cssText, parseContext) => {
+    const decoded = ident.decode(cssText);
+    try {
+        return astHasExternalUrls(parse(decoded, {context: parseContext}));
+    } catch {
+        // If css-tree can't parse it, conservatively check the decoded text.
+        // This handles edge cases where creative syntax breaks the parser but
+        // a browser might still interpret a url() call.
+        return rawTextHasExternalUrls(decoded);
+    }
+};
+
+/**
+ * Parse a CSS string, remove external-URL declarations and optionally
+ * `@import` rules, and return the cleaned string.  Decodes CSS escapes before
+ * parsing so that obfuscated references (e.g. `\75\72\6c(…)`) are caught.
+ *
+ * Throws if css-tree cannot parse the input — callers are responsible for
+ * handling parse errors according to their own security policy.
+ * @param {string} cssText raw CSS text.
+ * @param {string|null} parseContext css-tree parse context ('declarationList',
+ *   'value', etc.).  Pass null for a full stylesheet parse.
+ * @param {object} [options] filtering options.
+ * @param {boolean} [options.removeImports] also remove CSS `@import` rules.
+ * @returns {string} cleaned CSS text.
+ */
+const filterCssText = (cssText, parseContext, {removeImports = false} = {}) => {
+    const decoded = ident.decode(cssText);
+    const ast = parse(decoded, parseContext ? {context: parseContext} : {});
+    let modified = decoded !== cssText;
+    walk(ast, (node, item, list) => {
+        if (removeImports && node.type === 'Atrule' &&
+            node.name.toLowerCase() === 'import') {
+            list.remove(item);
+            modified = true;
+        }
+        if (node.type === 'Declaration' && node.value &&
+            astHasExternalUrls(node.value)) {
+            list.remove(item);
+            modified = true;
+        }
+    });
+    return modified ? generate(ast) : cssText;
+};
+
+module.exports = {
+    astHasExternalUrls,
+    cssHasExternalUrls,
+    filterCssText,
+    isInternalRef,
+    rawTextHasExternalUrls
+};
diff --git a/packages/scratch-svg-renderer/test/canonicalize-svg.js b/packages/scratch-svg-renderer/test/canonicalize-svg.js
new file mode 100644
index 00000000000..3a7b8fb1180
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/canonicalize-svg.js
@@ -0,0 +1,330 @@
+/**
+ * Three assertion groups:
+ *
+ *   1. Security: attack-shaped inputs come back without their dangerous parts.
+ *   2. Visual fidelity: legitimate inputs render to identical pixels before and
+ *      after canonicalization (same canvas + pixel-diff machinery as
+ *      visual-fidelity.js).
+ *   3. Fixed point: canonicalize(canonicalize(x)) === canonicalize(x).
+ */
+
+const test = require('tap').test;
+const fs = require('fs');
+const path = require('path');
+const {createCanvas, loadImage} = require('canvas');
+
+const canonicalizeSvgText = require('../src/canonicalize-svg');
+
+const FIXTURE_DIR = path.resolve(__dirname, './fixtures');
+const SNAPSHOT_DIR = path.resolve(__dirname, './snapshots');
+const RENDER_WIDTH = 200;
+const RENDER_HEIGHT = 200;
+const PIXEL_DIFF_TOLERANCE = 0;
+
+// ── Rendering helpers (shared shape with visual-fidelity.js) ───────────────
+
+const renderToCanvas = async svgString => {
+    const image = await loadImage(Buffer.from(svgString, 'utf8'));
+    const canvas = createCanvas(RENDER_WIDTH, RENDER_HEIGHT);
+    const ctx = canvas.getContext('2d');
+    ctx.clearRect(0, 0, RENDER_WIDTH, RENDER_HEIGHT);
+    const scale = Math.min(RENDER_WIDTH / image.width, RENDER_HEIGHT / image.height);
+    const drawWidth = image.width * scale;
+    const drawHeight = image.height * scale;
+    const dx = (RENDER_WIDTH - drawWidth) / 2;
+    const dy = (RENDER_HEIGHT - drawHeight) / 2;
+    ctx.drawImage(image, dx, dy, drawWidth, drawHeight);
+    return canvas;
+};
+
+const countPixelDiffs = (canvasA, canvasB) => {
+    const a = canvasA.getContext('2d').getImageData(0, 0, RENDER_WIDTH, RENDER_HEIGHT).data;
+    const b = canvasB.getContext('2d').getImageData(0, 0, RENDER_WIDTH, RENDER_HEIGHT).data;
+    if (a.length !== b.length) {
+        throw new Error(`ImageData length mismatch: ${a.length} vs ${b.length}`);
+    }
+    let diff = 0;
+    for (let i = 0; i < a.length; i += 4) {
+        if (a[i] !== b[i] || a[i + 1] !== b[i + 1] || a[i + 2] !== b[i + 2] || a[i + 3] !== b[i + 3]) {
+            diff++;
+        }
+    }
+    return diff;
+};
+
+// ── 1. Security: dangerous content is stripped ─────────────────────────────
+
+test('canonicalize: removes <script> elements', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<circle cx="50" cy="50" r="40" fill="red"/>' +
+        '<script type="text/javascript">alert("xss")</script></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<script/i, 'no <script> in output');
+    t.match(result, /<circle/, 'safe content preserved');
+});
+
+test('canonicalize: removes <foreignObject> and its children', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<foreignObject width="100" height="100">' +
+        '<body xmlns="http://www.w3.org/1999/xhtml">' +
+        '<img src="x" onerror="alert(1)"/>' +
+        '</body></foreignObject>' +
+        '<rect fill="blue"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /foreignObject/i, 'no foreignObject');
+    t.notMatch(result, /onerror/i, 'no onerror');
+    t.notMatch(result, /<img/i, 'no img');
+    t.match(result, /<rect/, 'safe content preserved');
+});
+
+test('canonicalize: unwraps <a> elements, preserving children', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<a href="javascript:alert(1)"><rect fill="red"/></a></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<a[\s>]/i, 'no <a> wrapper');
+    t.notMatch(result, /javascript:/i, 'no javascript: href');
+    t.match(result, /<rect/, 'child element preserved');
+});
+
+test('canonicalize: removes animation elements', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<rect fill="red">' +
+        '<animate attributeName="fill" to="blue" dur="1s"/>' +
+        '<animateTransform attributeName="transform" type="rotate" dur="2s"/>' +
+        '<set attributeName="fill" to="green"/>' +
+        '</rect></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<animate/i, 'no animate');
+    t.notMatch(result, /<animateTransform/i, 'no animateTransform');
+    t.notMatch(result, /<set[\s>]/i, 'no set');
+    t.match(result, /<rect/, 'rect preserved');
+});
+
+test('canonicalize: removes event-handler attributes', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">' +
+        '<rect fill="red" onclick="alert(2)" onmouseover="alert(3)"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /onload/i, 'no onload');
+    t.notMatch(result, /onclick/i, 'no onclick');
+    t.notMatch(result, /onmouseover/i, 'no onmouseover');
+});
+
+test('canonicalize: removes event-handler attributes with full-width Unicode equivalents', async t => {
+    // Full-width Latin ｏｎload (U+FF4F U+FF4E) NFKC-normalizes to ASCII onload.
+    const fullWidthOn = '\uFF4F\uFF4E'; // ｏｎ
+    const input = `<svg xmlns="http://www.w3.org/2000/svg" ${fullWidthOn}load="alert(1)">` +
+        '<rect fill="red"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /alert/, 'payload stripped');
+    t.notOk(result.includes(`${fullWidthOn}load`), 'full-width attribute removed');
+    t.notMatch(result, /onload/i, 'no ASCII onload in output');
+});
+
+test('canonicalize: removes event-handler attributes with invisible format characters', async t => {
+    // U+200C (ZWNJ) is a valid XML NameChar and can be embedded to break
+    // naive /^on/ prefix checks.  normalizeAttrName strips it so on\u200Cclick
+    // is recognised as an event handler.
+    const input = '<svg xmlns="http://www.w3.org/2000/svg" on\u200Cclick="alert(1)">' +
+        '<rect fill="red"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /alert/, 'alert payload removed');
+    // The attribute with ZWNJ inside must not survive.
+    t.notOk(result.includes('on\u200Cclick'), 'on+ZWNJ+click attribute removed');
+});
+
+test('canonicalize: preserves all data-* attributes', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<rect fill="red" data-foo="bar" data-custom="value" data-paper-data="{invalid json}"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.match(result, /data-foo="bar"/, 'data-foo preserved');
+    t.match(result, /data-custom="value"/, 'data-custom preserved');
+    t.match(result, /data-paper-data/, 'data-paper-data preserved even with invalid JSON');
+    t.match(result, /fill="red"/, 'safe attributes preserved');
+});
+
+test('canonicalize: removes external href / xlink:href', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">' +
+        '<image href="https://evil.com/track.png"/>' +
+        '<image xlink:href="https://evil.com/xlink.png"/>' +
+        '<image href="data:image/png;base64,iVBORw0KGgo="/>' +
+        '<use href="#internal-ref"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /evil\.com/, 'no external URLs');
+    t.match(result, /data:image/, 'data: URI preserved');
+    t.match(result, /#internal-ref/, 'internal fragment ref preserved');
+});
+
+test('canonicalize: removes external CSS url() in presentation attributes', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<rect fill="url(https://evil.com/track)" stroke="url(#internal)"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /evil\.com/, 'external url() removed');
+    t.match(result, /url\(#internal\)/, 'internal url() preserved');
+});
+
+test('canonicalize: strips external url() from style attribute declarations', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<rect style="fill: url(https://evil.com/x); stroke: url(#ok); opacity: 0.5"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /evil\.com/, 'external url() removed from style');
+    t.match(result, /url\(#ok\)/, 'internal url() in style preserved');
+    t.match(result, /opacity/, 'safe declarations preserved');
+});
+
+test('canonicalize: removes <style> elements after inlining', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<style>.a { fill: red; }</style><rect class="a"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<style/i, 'no <style> element');
+    // Inlined styles should appear as style attribute
+    t.match(result, /fill/, 'fill style preserved (inlined)');
+});
+
+test('canonicalize: removes comments, doctype, and XML processing instructions', async t => {
+    const input = '<?xml version="1.0" encoding="UTF-8"?>' +
+        '<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">' +
+        '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<!-- secret comment --><rect fill="red"/></svg>';
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<!DOCTYPE/i, 'no doctype');
+    t.notMatch(result, /<\?xml/i, 'no XML processing instruction');
+    t.notMatch(result, /<!--/, 'no comments');
+});
+
+// Test against existing fixture files from the sanitize-svg corpus
+test('canonicalize: handles blocked-elements.svg fixture', async t => {
+    const input = fs.readFileSync(path.resolve(FIXTURE_DIR, 'blocked-elements.svg'), 'utf8');
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /foreignObject/i, 'no foreignObject');
+    t.notMatch(result, /<script/i, 'no script');
+    t.notMatch(result, /<animate[\s>]/i, 'no animate');
+    t.notMatch(result, /<set[\s>]/i, 'no set');
+    // Safe content survives
+    t.match(result, /<rect/, 'safe rect preserved');
+    t.match(result, /url\(#myMask\)/, 'internal mask reference preserved');
+});
+
+test('canonicalize: handles script.svg fixture', async t => {
+    const input = fs.readFileSync(path.resolve(FIXTURE_DIR, 'script.svg'), 'utf8');
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /<script/i, 'no script');
+    t.match(result, /<circle/, 'circle preserved');
+});
+
+test('canonicalize: handles external-hrefs.svg fixture', async t => {
+    const input = fs.readFileSync(path.resolve(FIXTURE_DIR, 'external-hrefs.svg'), 'utf8');
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /example\.com/, 'no external URLs');
+    // data: and # refs should be preserved
+    t.match(result, /data:image\/png/, 'data: URI preserved');
+    t.match(result, /#internal/, 'internal ref preserved');
+});
+
+test('canonicalize: handles css-links.svg fixture', async t => {
+    const input = fs.readFileSync(path.resolve(FIXTURE_DIR, 'css-links.svg'), 'utf8');
+    const result = await canonicalizeSvgText(input);
+    t.notMatch(result, /example\.com/, 'no external URLs');
+    t.notMatch(result, /<style/i, 'no style elements');
+    // Internal refs should survive
+    t.match(result, /url\(#myMask\)/, 'internal mask reference preserved');
+});
+
+test('canonicalize: handles metadata-onload.svg fixture gracefully', async t => {
+    // This fixture has intentionally malformed XML (split attribute name
+    // across a metadata element) that SVGO's strict SAX parser rejects.
+    // Verify the function degrades gracefully rather than throwing.
+    const input = fs.readFileSync(path.resolve(FIXTURE_DIR, 'metadata-onload.svg'), 'utf8');
+    const result = await canonicalizeSvgText(input);
+    t.type(result, 'string', 'returns a string (falls back to input)');
+});
+
+// ── 2. Visual fidelity: legitimate inputs render identically ───────────────
+
+test('visual fidelity: canonicalizeSvgText is visually transparent on cat costume', async t => {
+    const rawSvg = fs.readFileSync(path.resolve(FIXTURE_DIR, 'cat-costume.svg'), 'utf8');
+    const canonicalSvg = await canonicalizeSvgText(rawSvg);
+
+    const rawCanvas = await renderToCanvas(rawSvg);
+    const canonicalCanvas = await renderToCanvas(canonicalSvg);
+
+    const diff = countPixelDiffs(rawCanvas, canonicalCanvas);
+    t.ok(
+        diff <= PIXEL_DIFF_TOLERANCE,
+        `raw vs canonicalized cat costume: ${diff} differing pixels (tolerance ${PIXEL_DIFF_TOLERANCE})`
+    );
+});
+
+test('visual fidelity: canonicalized cat costume matches committed snapshot', async t => {
+    const rawSvg = fs.readFileSync(path.resolve(FIXTURE_DIR, 'cat-costume.svg'), 'utf8');
+    const canonicalSvg = await canonicalizeSvgText(rawSvg);
+    const canonicalCanvas = await renderToCanvas(canonicalSvg);
+
+    const snapshotPath = path.resolve(SNAPSHOT_DIR, 'cat-costume.canonicalized.png');
+    const updateRequested = process.env.TAP_SNAPSHOT === '1';
+    const snapshotExists = fs.existsSync(snapshotPath);
+    const relativeSnapshotPath = path.relative(__dirname, snapshotPath);
+
+    if (updateRequested) {
+        fs.mkdirSync(SNAPSHOT_DIR, {recursive: true});
+        fs.writeFileSync(snapshotPath, canonicalCanvas.toBuffer('image/png'));
+        t.pass(`snapshot ${snapshotExists ? 'updated' : 'created'} at ${relativeSnapshotPath}`);
+        return;
+    }
+
+    if (!snapshotExists) {
+        t.fail(
+            `missing snapshot at ${relativeSnapshotPath}. ` +
+            `Run with TAP_SNAPSHOT=1 to create it (and commit the result).`
+        );
+        return;
+    }
+
+    const baseline = await loadImage(snapshotPath);
+    const baselineCanvas = createCanvas(RENDER_WIDTH, RENDER_HEIGHT);
+    baselineCanvas.getContext('2d').drawImage(baseline, 0, 0);
+
+    const diff = countPixelDiffs(canonicalCanvas, baselineCanvas);
+    t.ok(
+        diff <= PIXEL_DIFF_TOLERANCE,
+        `canonicalized cat costume vs snapshot: ${diff} differing pixels (tolerance ${PIXEL_DIFF_TOLERANCE})`
+    );
+});
+
+// ── 3. Fixed point: canonicalize(canonicalize(x)) === canonicalize(x) ──────
+
+test('fixed point: clean SVG is stable', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<circle cx="50" cy="50" r="40" fill="red"/></svg>';
+    const first = await canonicalizeSvgText(input);
+    const second = await canonicalizeSvgText(first);
+    t.equal(first, second, 'clean SVG is a fixed point');
+});
+
+test('fixed point: attack-shaped SVG is stable after first pass', async t => {
+    const input = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<script>alert(1)</script>' +
+        '<foreignObject><body xmlns="http://www.w3.org/1999/xhtml">' +
+        '<img src="x" onerror="alert(2)"/></body></foreignObject>' +
+        '<a href="javascript:void(0)">' +
+        '<rect fill="red" data-foo="bar" onclick="alert(3)" data-paper-data="{invalid}"/></a>' +
+        '<animate attributeName="x" to="10"/>' +
+        '<rect fill="url(https://evil.com/x)" stroke="url(#ok)"/></svg>';
+    const first = await canonicalizeSvgText(input);
+    const second = await canonicalizeSvgText(first);
+    t.equal(first, second, 'attack-shaped SVG is a fixed point after first canonicalization');
+});
+
+test('fixed point: all parseable fixture files are stable', async t => {
+    // Some fixtures contain intentionally malformed XML (Illustrator custom
+    // entities, split attribute names) that SVGO's strict parser rejects.
+    // For those, canonicalize returns the input unchanged — which is itself
+    // a fixed point (identity function).  We still test them all.
+    const fixtureFiles = fs.readdirSync(FIXTURE_DIR)
+        .filter(f => f.endsWith('.svg') && !f.endsWith('.sanitized.svg'));
+    for (const file of fixtureFiles) {
+        const input = fs.readFileSync(path.resolve(FIXTURE_DIR, file), 'utf8');
+        const first = await canonicalizeSvgText(input);
+        const second = await canonicalizeSvgText(first);
+        t.equal(first, second, `${file} is a fixed point`);
+    }
+});
diff --git a/packages/scratch-svg-renderer/test/playwright/harness.html b/packages/scratch-svg-renderer/test/playwright/harness.html
new file mode 100644
index 00000000000..51ebbfb59b2
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/harness.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Sandbox Test Harness</title>
+</head>
+<body>
+<script src="../../src/sandbox/iframe-html.js"></script>
+<script src="../../src/sandbox/index.js"></script>
+</body>
+</html>
diff --git a/packages/scratch-svg-renderer/test/playwright/load-svg-string-harness.html b/packages/scratch-svg-renderer/test/playwright/load-svg-string-harness.html
new file mode 100644
index 00000000000..dcad96bcb6f
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/load-svg-string-harness.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>loadSvgString Integration Test Harness</title>
+</head>
+<body>
+<!--
+    Loads the pre-built web bundle which exposes window.ScratchSVGRenderer.
+    Run `npm run build` in packages/scratch-svg-renderer before running these tests.
+-->
+<script src="../../dist/web/scratch-svg-renderer.js"></script>
+<script>
+    // Expose loadSvgString at the top level for test convenience.
+    window.loadSvgString = ScratchSVGRenderer.loadSvgString;
+</script>
+</body>
+</html>
diff --git a/packages/scratch-svg-renderer/test/playwright/load-svg-string.spec.js b/packages/scratch-svg-renderer/test/playwright/load-svg-string.spec.js
new file mode 100644
index 00000000000..bd6fdee9093
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/load-svg-string.spec.js
@@ -0,0 +1,381 @@
+const {test, expect} = require('@playwright/test');
+
+/**
+ * Integration tests for loadSvgString — the full async pipeline from raw SVG
+ * string through sanitization, normalization, and (when needed) sandboxed
+ * iframe measurement via transformMeasurements.
+ */
+
+// --- Test fixtures ---
+
+// SVG with viewBox + width + height: takes the sync fast-path (no measurement).
+const SVG_WITH_VIEWBOX = '<svg xmlns="http://www.w3.org/2000/svg" ' +
+    'viewBox="0 0 100 80" width="100" height="80">' +
+    '<rect x="10" y="10" width="50" height="30" fill="blue"/>' +
+    '</svg>';
+
+// SVG with viewBox but no width/height: sets them from viewBox.baseVal (no measurement).
+const SVG_VIEWBOX_NO_DIMS = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 150">' +
+    '<circle cx="100" cy="75" r="50" fill="green"/>' +
+    '</svg>';
+
+// SVG without viewBox: triggers transformMeasurements (async iframe path).
+const SVG_NO_VIEWBOX = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<rect x="5" y="10" width="60" height="40" fill="red"/>' +
+    '</svg>';
+
+// SVG without viewBox and with a stroke: tests stroke-width enlargement.
+const SVG_NO_VIEWBOX_WITH_STROKE = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<rect x="10" y="20" width="80" height="50" fill="none" stroke="black" stroke-width="4"/>' +
+    '</svg>';
+
+// SVG with negative bbox coordinates (like some Scratch 2 costumes).
+const SVG_NEGATIVE_COORDS = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<circle cx="-20" cy="-10" r="30" fill="purple"/>' +
+    '</svg>';
+
+// Scratch 2-style SVG: no viewBox, has text elements that need quirks transforms.
+const SVG_V2_WITH_TEXT = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<text x="10" y="20" font-family="Helvetica" font-size="14">Hello World</text>' +
+    '</svg>';
+
+// SVG with a linear gradient missing x2 (Scratch 2 quirk).
+const SVG_V2_GRADIENT = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<defs><linearGradient id="g1"><stop offset="0" stop-color="red"/>' +
+    '<stop offset="1" stop-color="blue"/></linearGradient></defs>' +
+    '<rect x="0" y="0" width="100" height="100" fill="url(#g1)"/>' +
+    '</svg>';
+
+// Malformed SVG that should cause an error.
+const SVG_MALFORMED = '<not-svg>this is not valid</not-svg>';
+
+// SVG with text using a Scratch font family.
+const SVG_WITH_SCRATCH_FONT = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<text x="0" y="20" font-family="Sans Serif" font-size="18">Test text</text>' +
+    '</svg>';
+
+// A large SVG with many elements (for performance testing).
+const generateLargeSvg = (elementCount) => {
+    let rects = '';
+    for (let i = 0; i < elementCount; i++) {
+        rects += `<rect x="${i % 100}" y="${Math.floor(i / 100)}" width="1" height="1" fill="red"/>`;
+    }
+    return `<svg xmlns="http://www.w3.org/2000/svg">${rects}</svg>`;
+};
+
+test.beforeEach(async ({page}) => {
+    await page.goto('load-svg-string-harness.html');
+    await page.waitForFunction(
+        () => typeof window.loadSvgString === 'function'
+    );
+});
+
+test('SVG with viewBox and dimensions resolves with correct attributes', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg);
+        return {
+            width: svgTag.getAttribute('width'),
+            height: svgTag.getAttribute('height'),
+            viewBox: svgTag.getAttribute('viewBox'),
+            tagName: svgTag.tagName
+        };
+    }, SVG_WITH_VIEWBOX);
+
+    expect(result.tagName).toBe('svg');
+    expect(result.width).toBe('100');
+    expect(result.height).toBe('80');
+    expect(result.viewBox).toBe('0 0 100 80');
+});
+
+test('SVG with viewBox but no dimensions gets width/height from viewBox', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg);
+        return {
+            width: svgTag.getAttribute('width'),
+            height: svgTag.getAttribute('height'),
+            viewBox: svgTag.getAttribute('viewBox')
+        };
+    }, SVG_VIEWBOX_NO_DIMS);
+
+    expect(result.width).toBe('200');
+    expect(result.height).toBe('150');
+    expect(result.viewBox).toBe('0 0 200 150');
+});
+
+test('SVG without viewBox gets viewBox/width/height from iframe measurement', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg);
+        return {
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height')),
+            viewBox: svgTag.getAttribute('viewBox')
+        };
+    }, SVG_NO_VIEWBOX);
+
+    // The rect is at (5, 10) with size (60, 40), bbox = (5, 10, 60, 40).
+    // transformStrokeWidths adds default stroke-width=1 to graphics elements,
+    // so findLargestStrokeWidth returns 1, halfStrokeWidth = 0.5, enlarging by 1.
+    expect(result.width).toBeCloseTo(61, 0);
+    expect(result.height).toBeCloseTo(41, 0);
+    expect(result.viewBox).toBeDefined();
+    // viewBox origin shifts by -halfStrokeWidth
+    const vb = result.viewBox.split(' ').map(Number);
+    expect(vb[0]).toBeCloseTo(4.5, 0);
+    expect(vb[1]).toBeCloseTo(9.5, 0);
+    expect(vb[2]).toBeCloseTo(61, 0);
+    expect(vb[3]).toBeCloseTo(41, 0);
+});
+
+test('SVG without viewBox applies stroke-width enlargement to measured bbox', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg);
+        return {
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height')),
+            viewBox: svgTag.getAttribute('viewBox')
+        };
+    }, SVG_NO_VIEWBOX_WITH_STROKE);
+
+    // Rect at (10, 20), size (80, 50), stroke-width 4 → half = 2
+    // Expected: viewBox = (8, 18, 84, 54), width = 84, height = 54
+    expect(result.width).toBeCloseTo(84, 0);
+    expect(result.height).toBeCloseTo(54, 0);
+    const vb = result.viewBox.split(' ').map(Number);
+    expect(vb[0]).toBeCloseTo(8, 0);
+    expect(vb[1]).toBeCloseTo(18, 0);
+    expect(vb[2]).toBeCloseTo(84, 0);
+    expect(vb[3]).toBeCloseTo(54, 0);
+});
+
+test('SVG with negative bbox coordinates measured correctly', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg);
+        return {
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height')),
+            viewBox: svgTag.getAttribute('viewBox')
+        };
+    }, SVG_NEGATIVE_COORDS);
+
+    // Circle at (-20, -10), r=30 → bbox = (-50, -40, 60, 60).
+    // Default stroke-width=1 enlargement: +1 on each dimension.
+    expect(result.width).toBeCloseTo(61, 0);
+    expect(result.height).toBeCloseTo(61, 0);
+    const vb = result.viewBox.split(' ').map(Number);
+    expect(vb[0]).toBeCloseTo(-50.5, 0);
+    expect(vb[1]).toBeCloseTo(-40.5, 0);
+});
+
+test('v2 SVG applies text transforms and measures correctly', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg, true /* fromVersion2 */);
+        // Check that text transforms were applied
+        const textEl = svgTag.querySelector('text');
+        const hasAlignmentBaseline = textEl ?
+            textEl.getAttribute('alignment-baseline') === 'text-before-edge' : false;
+        return {
+            hasViewBox: svgTag.hasAttribute('viewBox'),
+            hasWidth: svgTag.hasAttribute('width'),
+            hasHeight: svgTag.hasAttribute('height'),
+            hasAlignmentBaseline,
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height'))
+        };
+    }, SVG_V2_WITH_TEXT);
+
+    expect(result.hasViewBox).toBe(true);
+    expect(result.hasWidth).toBe(true);
+    expect(result.hasHeight).toBe(true);
+    expect(result.hasAlignmentBaseline).toBe(true);
+    // Dimensions should be non-zero (measured from iframe)
+    expect(result.width).toBeGreaterThan(0);
+    expect(result.height).toBeGreaterThan(0);
+});
+
+test('v2 SVG applies gradient x2 fixup', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg, true /* fromVersion2 */);
+        const gradient = svgTag.querySelector('linearGradient');
+        return {
+            x2: gradient ? gradient.getAttribute('x2') : null,
+            hasViewBox: svgTag.hasAttribute('viewBox')
+        };
+    }, SVG_V2_GRADIENT);
+
+    // Scratch 2 quirk: missing x2 should be set to '0'
+    expect(result.x2).toBe('0');
+    expect(result.hasViewBox).toBe(true);
+});
+
+test('malformed SVG rejects with an error', async ({page}) => {
+    const error = await page.evaluate(async (svg) => {
+        try {
+            await window.loadSvgString(svg);
+            return null;
+        } catch (e) {
+            return {message: e.message};
+        }
+    }, SVG_MALFORMED);
+
+    expect(error).not.toBeNull();
+    expect(error.message).toContain('does not appear to be SVG');
+});
+
+test('multiple loadSvgString calls share a single measurement iframe', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        // Two SVGs without viewBox — both trigger measurement.
+        const svg1 = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="0" y="0" width="30" height="20" fill="red"/></svg>';
+        const svg2 = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="0" y="0" width="50" height="40" fill="blue"/></svg>';
+
+        await window.loadSvgString(svg1);
+        await window.loadSvgString(svg2);
+
+        // Count iframes in the document — the singleton sandbox
+        // should create only one.
+        const iframeCount = document.querySelectorAll('iframe').length;
+        return {iframeCount};
+    });
+
+    expect(result.iframeCount).toBe(1);
+});
+
+test('concurrent loadSvgString calls resolve with correct results', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const svg1 = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="0" y="0" width="30" height="20" fill="red"/></svg>';
+        const svg2 = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="0" y="0" width="70" height="55" fill="blue"/></svg>';
+        const svg3 = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="5" y="5" width="100" height="80" fill="green"/></svg>';
+
+        // Fire all three concurrently
+        const [tag1, tag2, tag3] = await Promise.all([
+            window.loadSvgString(svg1),
+            window.loadSvgString(svg2),
+            window.loadSvgString(svg3)
+        ]);
+
+        return {
+            w1: Number(tag1.getAttribute('width')),
+            h1: Number(tag1.getAttribute('height')),
+            w2: Number(tag2.getAttribute('width')),
+            h2: Number(tag2.getAttribute('height')),
+            w3: Number(tag3.getAttribute('width')),
+            h3: Number(tag3.getAttribute('height'))
+        };
+    });
+
+    // Each SVG gets +1 from default stroke-width enlargement.
+    expect(results.w1).toBeCloseTo(31, 0);
+    expect(results.h1).toBeCloseTo(21, 0);
+    expect(results.w2).toBeCloseTo(71, 0);
+    expect(results.h2).toBeCloseTo(56, 0);
+    expect(results.w3).toBeCloseTo(101, 0);
+    expect(results.h3).toBeCloseTo(81, 0);
+});
+
+test('first loadSvgString call succeeds (iframe created on demand)', async ({page}) => {
+    // This test verifies that the very first call — when no iframe exists
+    // yet — waits for iframe load and then resolves correctly.
+    const result = await page.evaluate(async () => {
+        const svg = '<svg xmlns="http://www.w3.org/2000/svg">' +
+            '<rect x="0" y="0" width="42" height="33" fill="red"/></svg>';
+
+        // Ensure no iframes exist before the call.
+        const before = document.querySelectorAll('iframe').length;
+        const svgTag = await window.loadSvgString(svg);
+        const after = document.querySelectorAll('iframe').length;
+
+        return {
+            beforeIframes: before,
+            afterIframes: after,
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height'))
+        };
+    });
+
+    expect(result.beforeIframes).toBe(0);
+    expect(result.afterIframes).toBe(1);
+    // +1 from default stroke-width enlargement
+    expect(result.width).toBeCloseTo(43, 0);
+    expect(result.height).toBeCloseTo(34, 0);
+});
+
+test('large SVG with many elements does not time out', async ({page}) => {
+    // The generated SVG has no viewBox, so it triggers the full sandbox
+    // measurement path (transformMeasurements via the iframe).
+    const largeSvg = generateLargeSvg(5000);
+
+    const result = await page.evaluate(async (svg) => {
+        const start = performance.now();
+        const svgTag = await window.loadSvgString(svg);
+        const elapsed = performance.now() - start;
+        return {
+            hasViewBox: svgTag.hasAttribute('viewBox'),
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height')),
+            elapsed
+        };
+    }, largeSvg);
+
+    expect(result.hasViewBox).toBe(true);
+    expect(result.width).toBeGreaterThan(0);
+    expect(result.height).toBeGreaterThan(0);
+    // Should complete well within the sandbox timeout (30s).
+    // 10s is generous; typical should be <2s.
+    expect(result.elapsed).toBeLessThan(10000);
+});
+
+test('text SVG with Scratch font produces non-zero bbox', async ({page}) => {
+    const result = await page.evaluate(async (svg) => {
+        const svgTag = await window.loadSvgString(svg, true /* fromVersion2 */);
+        return {
+            width: Number(svgTag.getAttribute('width')),
+            height: Number(svgTag.getAttribute('height')),
+            hasViewBox: svgTag.hasAttribute('viewBox')
+        };
+    }, SVG_WITH_SCRATCH_FONT);
+
+    expect(result.hasViewBox).toBe(true);
+    // Text should have measurable dimensions
+    expect(result.width).toBeGreaterThan(0);
+    expect(result.height).toBeGreaterThan(0);
+});
+
+test('text measurement via sandbox matches direct getBBox in parent', async ({page}) => {
+    // Verifies that the sandbox measures text the same way as the parent DOM.
+    // A system font (monospace) is used so both contexts see identical glyphs
+    // without any font injection. fromVersion2 is omitted so no text transforms
+    // are applied before the sandbox measurement — the sandbox and parent both
+    // measure the same SVG.
+    const svgWithSystemFont = '<svg xmlns="http://www.w3.org/2000/svg">' +
+        '<text font-family="monospace" font-size="18">Test text</text>' +
+        '</svg>';
+
+    const result = await page.evaluate(async (svg) => {
+        // Direct measurement in the parent document (no transforms applied).
+        const container = document.createElement('span');
+        container.innerHTML = svg;
+        document.body.appendChild(container);
+        const directBbox = container.children[0].getBBox();
+        document.body.removeChild(container);
+
+        // Measurement via loadSvgString (sandbox path, no viewBox → async measurement).
+        const svgTag = await window.loadSvgString(svg);
+        const viewBox = svgTag.viewBox.baseVal;
+
+        return {
+            directWidth: directBbox.width,
+            directHeight: directBbox.height,
+            // viewBox dimensions include the default stroke-width enlargement (+1px each).
+            iframeWidth: viewBox.width,
+            iframeHeight: viewBox.height
+        };
+    }, svgWithSystemFont);
+
+    // The sandbox must produce the same bbox as the parent DOM
+    expect(result.iframeWidth).toBe(result.directWidth + 1);
+    expect(result.iframeHeight).toBe(result.directHeight + 1);
+});
diff --git a/packages/scratch-svg-renderer/test/playwright/measure-harness.html b/packages/scratch-svg-renderer/test/playwright/measure-harness.html
new file mode 100644
index 00000000000..2764b887e66
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/measure-harness.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Measure SVG Test Harness</title>
+</head>
+<body>
+<script src="../../src/sandbox/iframe-html.js"></script>
+<script src="../../src/sandbox/index.js"></script>
+<script src="../../src/sandbox/measure-svg-script.js"></script>
+</body>
+</html>
diff --git a/packages/scratch-svg-renderer/test/playwright/measure-svg.spec.js b/packages/scratch-svg-renderer/test/playwright/measure-svg.spec.js
new file mode 100644
index 00000000000..7e8ebf48d63
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/measure-svg.spec.js
@@ -0,0 +1,301 @@
+const fs = require('fs');
+const path = require('path');
+const {test, expect} = require('@playwright/test');
+
+/**
+ * Playwright tests for the display-side iframe measurement script.
+ *
+ * These tests verify that SVG bounding-box measurement inside a sandboxed
+ * iframe produces the same results as the current in-process
+ * transformMeasurements approach (getBBox on the parent document.body).
+ */
+
+const FIXTURE_DIR = path.resolve(__dirname, '../fixtures');
+
+const catCostumeSvg = fs.readFileSync(
+    path.resolve(FIXTURE_DIR, 'cat-costume.svg'), 'utf8'
+);
+
+// A simple SVG rectangle for basic measurement verification.
+const simpleSvg = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<rect x="10" y="20" width="100" height="50" fill="red"/>' +
+    '</svg>';
+
+// An SVG with text using a Scratch font family, for verifying
+// that fonts are loaded inside the iframe.
+const textSvg = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<text x="10" y="30" font-family="Sans Serif" font-size="18">Hello</text>' +
+    '</svg>';
+
+// An SVG drawn in negative coordinates (like some Scratch 2 costumes).
+const negativeBboxSvg = '<svg xmlns="http://www.w3.org/2000/svg">' +
+    '<circle cx="-20" cy="-10" r="30" fill="blue"/>' +
+    '</svg>';
+
+test.beforeEach(async ({page}) => {
+    await page.goto('measure-harness.html');
+    await page.waitForFunction(
+        () => typeof window.Sandbox === 'function' &&
+              typeof window.createMeasureSvgScript === 'function'
+    );
+});
+
+/**
+ * Helper: measure an SVG string by appending it directly to the parent
+ * page's document.body (the current in-process approach). Used as a
+ * reference to compare against sandbox-based measurement.
+ * @param {import('@playwright/test').Page} page
+ * @param {string} svgString
+ * @returns {Promise<{x: number, y: number, width: number, height: number}>}
+ */
+const measureDirect = async function (page, svgString) {
+    return page.evaluate(svg => {
+        const container = document.createElement('span');
+        container.innerHTML = svg;
+        document.body.appendChild(container);
+        try {
+            const bbox = container.children[0].getBBox();
+            return {
+                x: bbox.x,
+                y: bbox.y,
+                width: bbox.width,
+                height: bbox.height
+            };
+        } finally {
+            document.body.removeChild(container);
+        }
+    }, svgString);
+};
+
+/**
+ * Helper: measure an SVG using the sandboxed measurement script.
+ * `fontCSS` is optional; when omitted, an empty string is used (no fonts).
+ * @param {import('@playwright/test').Page} page
+ * @param {string} svgString
+ * @param {string} [fontCSS]
+ * @returns {Promise<{x: number, y: number, width: number, height: number}>}
+ */
+const measureSandboxed = async function (page, svgString, fontCSS = '') {
+    return page.evaluate(async ({svg, css}) => {
+        const script = window.createMeasureSvgScript(css);
+        const sandbox = new window.Sandbox(script);
+        try {
+            return await sandbox.send(svg);
+        } finally {
+            sandbox.destroy();
+        }
+    }, {svg: svgString, css: fontCSS});
+};
+
+// --- Core measurement ---
+
+test('measures a simple rect SVG correctly', async ({page}) => {
+    const result = await measureSandboxed(page, simpleSvg);
+    expect(result).toEqual({x: 10, y: 20, width: 100, height: 50});
+});
+
+test('measurements match direct getBBox for a simple SVG', async ({page}) => {
+    const direct = await measureDirect(page, simpleSvg);
+    const sandboxed = await measureSandboxed(page, simpleSvg);
+    expect(sandboxed).toEqual(direct);
+});
+
+test('measurements match direct getBBox for the cat costume', async ({page}) => {
+    const direct = await measureDirect(page, catCostumeSvg);
+    const sandboxed = await measureSandboxed(page, catCostumeSvg);
+    // Sub-pixel tolerance: float comparison for potential rounding differences.
+    expect(sandboxed.x).toBeCloseTo(direct.x, 1);
+    expect(sandboxed.y).toBeCloseTo(direct.y, 1);
+    expect(sandboxed.width).toBeCloseTo(direct.width, 1);
+    expect(sandboxed.height).toBeCloseTo(direct.height, 1);
+});
+
+test('handles SVGs with negative bounding-box coordinates', async ({page}) => {
+    const result = await measureSandboxed(page, negativeBboxSvg);
+    // Circle at cx=-20, cy=-10, r=30 → bbox should be roughly (-50, -40, 60, 60)
+    expect(result.x).toBeCloseTo(-50, 1);
+    expect(result.y).toBeCloseTo(-40, 1);
+    expect(result.width).toBeCloseTo(60, 1);
+    expect(result.height).toBeCloseTo(60, 1);
+});
+
+test('negative-bbox measurements match direct getBBox', async ({page}) => {
+    const direct = await measureDirect(page, negativeBboxSvg);
+    const sandboxed = await measureSandboxed(page, negativeBboxSvg);
+    expect(sandboxed).toEqual(direct);
+});
+
+// --- Batch processing ---
+
+test('batch measurement returns an array of results', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const script = window.createMeasureSvgScript('');
+        const sandbox = new window.Sandbox(script);
+        try {
+            return await sandbox.send([
+                '<svg xmlns="http://www.w3.org/2000/svg"><rect x="0" y="0" width="10" height="10" fill="red"/></svg>',
+                '<svg xmlns="http://www.w3.org/2000/svg"><rect x="5" y="5" width="20" height="30" fill="blue"/></svg>'
+            ]);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results).toHaveLength(2);
+    expect(results[0]).toEqual({x: 0, y: 0, width: 10, height: 10});
+    expect(results[1]).toEqual({x: 5, y: 5, width: 20, height: 30});
+});
+
+test('single item returns a single object (not an array)', async ({page}) => {
+    const result = await measureSandboxed(page, simpleSvg);
+    expect(result).not.toBeInstanceOf(Array);
+    expect(result).toHaveProperty('x');
+    expect(result).toHaveProperty('width');
+});
+
+// --- Iframe reuse ---
+
+test('sandbox iframe is reused across multiple measurements', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const script = window.createMeasureSvgScript('');
+        const sandbox = new window.Sandbox(script);
+        try {
+            const r1 = await sandbox.send(
+                '<svg xmlns="http://www.w3.org/2000/svg"><rect x="0" y="0" width="10" height="10" fill="red"/></svg>'
+            );
+            const r2 = await sandbox.send(
+                '<svg xmlns="http://www.w3.org/2000/svg"><rect x="0" y="0" width="20" height="20" fill="red"/></svg>'
+            );
+            const iframeCount = document.querySelectorAll('iframe').length;
+            return {r1, r2, iframeCount};
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results.r1).toEqual({x: 0, y: 0, width: 10, height: 10});
+    expect(results.r2).toEqual({x: 0, y: 0, width: 20, height: 20});
+    expect(results.iframeCount).toBe(1);
+});
+
+// --- Error handling ---
+
+test('rejects on invalid SVG content', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const script = window.createMeasureSvgScript('');
+        const sandbox = new window.Sandbox(script);
+        try {
+            return await sandbox.send('not-an-svg')
+                .catch(e => ({errorMessage: e.message}));
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(error).toHaveProperty('errorMessage');
+});
+
+// --- Font loading ---
+
+test('text bbox with Scratch fonts matches direct measurement', async ({page}) => {
+    // Inject Scratch fonts into the parent page (simulating what
+    // scratch-render-fonts does) and build the font CSS string.
+    const fontCSS = await page.evaluate(() => {
+        // Create minimal @font-face CSS for Sans Serif using a
+        // system-available fallback. In production, the real base64-encoded
+        // font data from scratch-render-fonts is used.
+        //
+        // For this test, inject the same CSS into both the parent page
+        // and the iframe to ensure the comparison is fair.
+        const css = '@font-face { font-family: "Sans Serif"; src: local("Arial"), local("Helvetica"); }';
+        const style = document.createElement('style');
+        style.textContent = css;
+        document.head.appendChild(style);
+        return css;
+    });
+
+    const direct = await measureDirect(page, textSvg);
+    const sandboxed = await measureSandboxed(page, textSvg, fontCSS);
+
+    // Text bbox can vary slightly depending on font rendering; use
+    // generous tolerance.
+    expect(sandboxed.x).toBeCloseTo(direct.x, 0);
+    expect(sandboxed.y).toBeCloseTo(direct.y, 0);
+    expect(sandboxed.width).toBeCloseTo(direct.width, 0);
+    expect(sandboxed.height).toBeCloseTo(direct.height, 0);
+});
+
+test('font @font-face rules are injected into the iframe', async ({page}) => {
+    // createMeasureSvgScript embeds the CSS into an IIFE that runs before
+    // window.onSandboxMessage is set. Appending a replacement handler lets
+    // us verify the @font-face rule was injected by querying document.fonts.
+    const fontNames = await page.evaluate(async () => {
+        const css = '@font-face { font-family: "TestFont"; src: local("Arial"); }';
+        const script = window.createMeasureSvgScript(css) + `
+            window.onSandboxMessage = function () {
+                var names = [];
+                document.fonts.forEach(function (f) { names.push(f.family); });
+                return names;
+            };
+            `;
+        const sandbox = new window.Sandbox(script);
+        try {
+            return await sandbox.send(null);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(fontNames).toContain('TestFont');
+});
+
+// Opaque-origin enforcement is tested directly in sandbox.spec.js.
+// The test below checks the CSP directives that are specific to SVG measurement
+// (style-src and font-src are required for inline font injection to work).
+test('CSP includes style-src and font-src directives', async ({page}) => {
+    const cspContent = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function () {
+                var metas = document.querySelectorAll('meta[http-equiv]');
+                for (var i = 0; i < metas.length; i++) {
+                    if (metas[i].httpEquiv === 'Content-Security-Policy') {
+                        return metas[i].content;
+                    }
+                }
+                return null;
+            };
+        `);
+        try {
+            return await sandbox.send(null);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(cspContent).toContain("style-src 'unsafe-inline'");
+    expect(cspContent).toContain('font-src data:');
+});
+
+// --- SVG cleanup after measurement ---
+
+test('SVG is removed from iframe DOM after measurement', async ({page}) => {
+    const bodyChildren = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (payload) {
+                if (payload === 'measure') {
+                    var container = document.createElement('span');
+                    container.innerHTML = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>';
+                    document.body.appendChild(container);
+                    var bbox = container.children[0].getBBox();
+                    document.body.removeChild(container);
+                    return { x: bbox.x, y: bbox.y, width: bbox.width, height: bbox.height };
+                }
+                // Just count body.children (excludes the script tag in head)
+                return document.body.children.length;
+            }
+        `);
+        try {
+            await sandbox.send('measure');
+            return await sandbox.send('count');
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    // Only the script element should be in the body (from the srcdoc HTML)
+    expect(bodyChildren).toBeLessThanOrEqual(1);
+});
diff --git a/packages/scratch-svg-renderer/test/playwright/sandbox.spec.js b/packages/scratch-svg-renderer/test/playwright/sandbox.spec.js
new file mode 100644
index 00000000000..4151bc9780f
--- /dev/null
+++ b/packages/scratch-svg-renderer/test/playwright/sandbox.spec.js
@@ -0,0 +1,445 @@
+const {test, expect} = require('@playwright/test');
+
+/**
+ * Playwright tests for the Sandbox iframe-host primitive.
+ *
+ * These tests exercise real browser behaviour that jsdom cannot replicate:
+ * opaque-origin enforcement, CSP violations, and iframe lifecycle.
+ */
+
+test.beforeEach(async ({page}) => {
+    await page.goto('harness.html');
+    // Wait for the harness to expose Sandbox on window.
+    await page.waitForFunction(() => typeof window.Sandbox === 'function');
+});
+
+test('basic script execution returns a result', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function (p) { return p.a + p.b; }'
+        );
+        try {
+            return await sandbox.send({a: 2, b: 3});
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(result).toBe(5);
+});
+
+test('iframe is removed from DOM after destroy', async ({page}) => {
+    await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return "done"; }'
+        );
+        await sandbox.send(null);
+        sandbox.destroy();
+    });
+
+    const iframeCount = await page.evaluate(() =>
+        document.querySelectorAll('iframe').length
+    );
+    expect(iframeCount).toBe(0);
+});
+
+test('iframe has opaque origin (window.origin is "null")', async ({page}) => {
+    const origin = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return window.origin; }'
+        );
+        try {
+            return await sandbox.send(null);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(origin).toBe('null');
+});
+
+test('iframe cannot access parent.location', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function () {
+                try {
+                    return parent.location.href;
+                } catch (e) {
+                    return {threw: true, message: e.message};
+                }
+            }
+        `);
+        try {
+            return await sandbox.send(null);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(result).toHaveProperty('threw', true);
+});
+
+test('fetch is blocked by CSP (no connect-src)', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = async function () {
+                try {
+                    await fetch('https://example.com');
+                    return {blocked: false};
+                } catch (e) {
+                    return {blocked: true, message: e.message};
+                }
+            }
+        `);
+        try {
+            return await sandbox.send(null);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(result).toHaveProperty('blocked', true);
+});
+
+test('script errors are propagated as rejections', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { throw new Error("test error"); }'
+        );
+        try {
+            return await sandbox.send(null).catch(e => ({message: e.message}));
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(error).toHaveProperty('message', 'test error');
+});
+
+test('missing onSandboxMessage definition rejects', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            '/* no onSandboxMessage defined */'
+        );
+        try {
+            return await sandbox.send(null).catch(e => ({message: e.message}));
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(error.message).toContain('did not define window.onSandboxMessage');
+});
+
+test('timeout rejects when script never responds', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return new Promise(() => {}); }',
+            {timeoutMs: 500}
+        );
+        try {
+            return await sandbox.send(null).catch(e => ({message: e.message}));
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(error.message).toContain('timed out');
+});
+
+test('async onSandboxMessage is supported', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (p) {
+                return new Promise(function (resolve) {
+                    setTimeout(function () { resolve(p.x * 2); }, 50);
+                });
+            }
+        `);
+        try {
+            return await sandbox.send({x: 21});
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(result).toBe(42);
+});
+
+test('iframe is created with sandbox="allow-scripts" attribute', async ({page}) => {
+    const sandboxAttr = await page.evaluate(async () => {
+        const originalAppendChild = document.body.appendChild.bind(document.body);
+        let capturedSandbox = null;
+        document.body.appendChild = function (node) {
+            if (node.tagName === 'IFRAME') {
+                capturedSandbox = node.getAttribute('sandbox');
+            }
+            return originalAppendChild(node);
+        };
+
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return true; }'
+        );
+        try {
+            await sandbox.send(null);
+            return capturedSandbox;
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(sandboxAttr).toBe('allow-scripts');
+});
+
+test('iframe srcdoc contains CSP meta tag', async ({page}) => {
+    const srcdoc = await page.evaluate(async () => {
+        const originalAppendChild = document.body.appendChild.bind(document.body);
+        let capturedSrcdoc = null;
+        document.body.appendChild = function (node) {
+            if (node.tagName === 'IFRAME') {
+                capturedSrcdoc = node.srcdoc;
+            }
+            return originalAppendChild(node);
+        };
+
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return true; }'
+        );
+        try {
+            await sandbox.send(null);
+            return capturedSrcdoc;
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(srcdoc).toContain('Content-Security-Policy');
+    expect(srcdoc).toContain("default-src 'none'");
+    expect(srcdoc).toContain("script-src 'unsafe-inline' 'unsafe-eval'");
+});
+
+// --- Persistent iframe reuse tests ---
+
+test('iframe is reused across send calls', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            var counter = 0;
+            window.onSandboxMessage = function () {
+                counter++;
+                return counter;
+            };
+        `);
+        try {
+            const r1 = await sandbox.send(null);
+            const r2 = await sandbox.send(null);
+            const r3 = await sandbox.send(null);
+            return [r1, r2, r3];
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    // Counter increments across calls within the same iframe context.
+    expect(results).toEqual([1, 2, 3]);
+});
+
+test('script is evaluated only once', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            if (!window.__evalCount) window.__evalCount = 0;
+            window.__evalCount++;
+            window.onSandboxMessage = function () {
+                return window.__evalCount;
+            };
+        `);
+        try {
+            const r1 = await sandbox.send(null);
+            const r2 = await sandbox.send(null);
+            return [r1, r2];
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    // Script only evaluated once, so __evalCount stays at 1.
+    expect(results).toEqual([1, 1]);
+});
+
+test('destroy removes iframe from DOM', async ({page}) => {
+    const iframeCount = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return true; }'
+        );
+        await sandbox.send(null);
+        sandbox.destroy();
+        return document.querySelectorAll('iframe').length;
+    });
+    expect(iframeCount).toBe(0);
+});
+
+test('destroy rejects in-flight calls', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(
+            'window.onSandboxMessage = function () { return new Promise(() => {}); }'
+        );
+        const pending = sandbox.send(null).catch(e => ({message: e.message}));
+        // Give the iframe time to start loading.
+        await new Promise(resolve => setTimeout(resolve, 100));
+        sandbox.destroy();
+        return pending;
+    });
+    expect(error.message).toContain('Sandbox destroyed');
+});
+
+test('is recreated after destroy', async ({page}) => {
+    const result = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            var count = 0;
+            window.onSandboxMessage = function () { return ++count; };
+        `);
+        await sandbox.send(null); // returns 1 on first iframe
+        sandbox.destroy();
+        // After destroy, the next send creates a fresh iframe with count at 0.
+        return sandbox.send(null); // fresh iframe: returns 1
+    });
+    expect(result).toBe(1);
+});
+
+test('multiple concurrent sends resolve independently', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (p) {
+                return new Promise(function (resolve) {
+                    setTimeout(function () { resolve(p.id); }, p.delay);
+                });
+            }
+        `);
+        try {
+            return await Promise.all([
+                sandbox.send({id: 'a', delay: 80}),
+                sandbox.send({id: 'b', delay: 10}),
+                sandbox.send({id: 'c', delay: 40})
+            ]);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results).toEqual(['a', 'b', 'c']);
+});
+
+// --- Array payloads (batch-style processing) ---
+
+test('array payload: processes all items in one round-trip', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (items) {
+                return items.map(function (x) { return x * 2; });
+            }
+        `);
+        try {
+            return await sandbox.send([1, 2, 3, 4, 5]);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results).toEqual([2, 4, 6, 8, 10]);
+});
+
+test('array payload: preserves order with async handlers', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (items) {
+                return Promise.all(items.map(function (p) {
+                    return new Promise(function (resolve) {
+                        setTimeout(function () { resolve(p.id); }, p.delay);
+                    });
+                }));
+            }
+        `);
+        try {
+            return await sandbox.send([
+                {id: 'slow', delay: 80},
+                {id: 'fast', delay: 10},
+                {id: 'medium', delay: 40}
+            ]);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results).toEqual(['slow', 'fast', 'medium']);
+});
+
+test('array payload: rejects if handler throws', async ({page}) => {
+    const error = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (items) {
+                return Promise.all(items.map(function (p) {
+                    if (p === 'bad') throw new Error('payload failed');
+                    return p;
+                }));
+            }
+        `);
+        try {
+            return await sandbox.send(['ok', 'bad', 'ok']).catch(e => ({message: e.message}));
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(error.message).toContain('payload failed');
+});
+
+test('array payload: empty array returns empty results', async ({page}) => {
+    const results = await page.evaluate(async () => {
+        const sandbox = new window.Sandbox(`
+            window.onSandboxMessage = function (items) {
+                return items.map(function (x) { return x; });
+            }
+        `);
+        try {
+            return await sandbox.send([]);
+        } finally {
+            sandbox.destroy();
+        }
+    });
+    expect(results).toEqual([]);
+});
+
+// --- Performance comparison test ---
+test('reused sandbox is faster than creating a new one per call', async ({page}) => {
+    const {freshMs, reusedMs, batchMs} = await page.evaluate(async () => {
+        const ITERATIONS = 500;
+        const BATCH_SIZE = 20;
+        const script = 'window.onSandboxMessage = function (p) { return p * 2; }';
+        const batchScript = `window.onSandboxMessage = function (items) {
+            return items.map(function (x) { return x * 2; });
+        }`;
+
+        // Fresh sandbox per call: create + send + destroy each time.
+        const freshStart = performance.now();
+        for (let i = 0; i < ITERATIONS; i++) {
+            const sb = new window.Sandbox(script);
+            await sb.send(i);
+            sb.destroy();
+        }
+        const freshEnd = performance.now();
+
+        // Reused: one sandbox, N sequential single-item sends.
+        const reusedStart = performance.now();
+        const sandbox = new window.Sandbox(script);
+        for (let i = 0; i < ITERATIONS; i++) {
+            await sandbox.send(i);
+        }
+        sandbox.destroy();
+        const reusedEnd = performance.now();
+
+        // Batch: one sandbox, sends BATCH_SIZE items per round-trip.
+        const batchStart = performance.now();
+        const sandbox2 = new window.Sandbox(batchScript);
+        for (let i = 0; i < ITERATIONS; i += BATCH_SIZE) {
+            const chunk = Array.from({length: BATCH_SIZE}, (_, j) => i + j);
+            await sandbox2.send(chunk);
+        }
+        sandbox2.destroy();
+        const batchEnd = performance.now();
+
+        return {
+            freshMs: freshEnd - freshStart,
+            reusedMs: reusedEnd - reusedStart,
+            batchMs: batchEnd - batchStart
+        };
+    });
+
+    // Reused sandbox should be substantially faster than creating a fresh iframe per call.
+    expect(reusedMs * 1.5).toBeLessThan(freshMs);
+    // Batch sends ITERATIONS/BATCH_SIZE round-trips instead of ITERATIONS,
+    // so it must be faster than sequential sends.
+    expect(batchMs * 1.5).toBeLessThan(reusedMs);
+});
diff --git a/packages/scratch-svg-renderer/test/snapshots/cat-costume.canonicalized.png b/packages/scratch-svg-renderer/test/snapshots/cat-costume.canonicalized.png
new file mode 100644
index 00000000000..a993ec4f6db
Binary files /dev/null and b/packages/scratch-svg-renderer/test/snapshots/cat-costume.canonicalized.png differ
diff --git a/packages/scratch-svg-renderer/test/snapshots/cat-costume.sanitized.png b/packages/scratch-svg-renderer/test/snapshots/cat-costume.sanitized.png
index 9012a4b2e4d..a993ec4f6db 100644
Binary files a/packages/scratch-svg-renderer/test/snapshots/cat-costume.sanitized.png and b/packages/scratch-svg-renderer/test/snapshots/cat-costume.sanitized.png differ
diff --git a/packages/scratch-svg-renderer/webpack.config.js b/packages/scratch-svg-renderer/webpack.config.js
index 9f97a32f220..b23e3c0c048 100644
--- a/packages/scratch-svg-renderer/webpack.config.js
+++ b/packages/scratch-svg-renderer/webpack.config.js
@@ -10,7 +10,7 @@ const findMonorepoRoot = () => {
     while (currentDir !== path.parse(currentDir).root) {
         if (fs.existsSync(path.join(currentDir, 'package.json'))) {
             try {
-                const pkg = require(path.join(currentDir, 'package.json')); // eslint-disable-line global-require
+                const pkg = require(path.join(currentDir, 'package.json'));
                 if (pkg.workspaces) {
                     return currentDir;
                 }
diff --git a/packages/scratch-vm/src/import/load-costume.js b/packages/scratch-vm/src/import/load-costume.js
index 25dba394654..db3254ee7cf 100644
--- a/packages/scratch-vm/src/import/load-costume.js
+++ b/packages/scratch-vm/src/import/load-costume.js
@@ -3,13 +3,14 @@ const log = require('../util/log');
 const {loadSvgString, serializeSvgToString} = require('@scratch/scratch-svg-renderer');
 
 const loadVector_ = function (costume, runtime, rotationCenter, optVersion) {
-    return new Promise(resolve => {
+    return (async () => {
         let svgString = costume.asset.decodeText();
         // SVG Renderer load fixes "quirks" associated with Scratch 2 projects
         if (optVersion && optVersion === 2) {
             // scratch-svg-renderer fixes syntax that causes loading issues,
             // and if optVersion is 2, fixes "quirks" associated with Scratch 2 SVGs,
-            const fixedSvgString = serializeSvgToString(loadSvgString(svgString, true /* fromVersion2 */));
+            const svgTag = await loadSvgString(svgString, true /* fromVersion2 */);
+            const fixedSvgString = serializeSvgToString(svgTag);
 
             // If the string changed, put back into storage
             if (svgString !== fixedSvgString) {
@@ -22,8 +23,9 @@ const loadVector_ = function (costume, runtime, rotationCenter, optVersion) {
         }
 
         // createSVGSkin does the right thing if rotationCenter isn't provided, so it's okay if it's
-        // undefined here
-        costume.skinId = runtime.renderer.createSVGSkin(svgString, rotationCenter);
+        // undefined here.
+        // eslint-disable-next-line require-atomic-updates
+        costume.skinId = await runtime.renderer.createSVGSkin(svgString, rotationCenter);
         costume.size = runtime.renderer.getSkinSize(costume.skinId);
         // Now we should have a rotationCenter even if we didn't before
         if (!rotationCenter) {
@@ -33,8 +35,8 @@ const loadVector_ = function (costume, runtime, rotationCenter, optVersion) {
             costume.bitmapResolution = 1;
         }
 
-        resolve(costume);
-    });
+        return costume;
+    })();
 };
 
 const canvasPool = (function () {
diff --git a/packages/scratch-vm/test/integration/load-costume-async.js b/packages/scratch-vm/test/integration/load-costume-async.js
new file mode 100644
index 00000000000..3cee61f9dce
--- /dev/null
+++ b/packages/scratch-vm/test/integration/load-costume-async.js
@@ -0,0 +1,124 @@
+/**
+ * Tests that loadVector_ correctly awaits the async loadSvgString pipeline.
+ *
+ * Uses t.mockRequire to substitute a delayed loadSvgString, verifying that
+ * load-costume properly awaits the async result before proceeding.
+ */
+const tap = require('tap');
+
+const ORIGINAL_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><rect/></svg>';
+const FIXED_SVG = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" width="10" height="10"><rect/></svg>';
+
+const createMockAsset = (svgString, assetId = 'test-asset-id') => ({
+    assetId,
+    assetType: {runtimeFormat: 'svg'},
+    dataFormat: 'svg',
+    data: Buffer.from(svgString, 'utf8'),
+    _text: svgString,
+    decodeText () {
+        return this._text;
+    },
+    encodeTextData (text, format, generateId) {
+        this._text = text;
+        this.data = Buffer.from(text, 'utf8');
+        if (generateId) {
+            this.assetId = `new-asset-id-${text.length}`;
+        }
+    }
+});
+
+const createMockRuntime = () => ({
+    storage: {
+        DataFormat: {SVG: 'svg'},
+        AssetType: {ImageVector: {runtimeFormat: 'svg'}}
+    },
+    renderer: {
+        createSVGSkin () {
+            return Promise.resolve(42);
+        },
+        getSkinSize () {
+            return [100, 80];
+        },
+        getSkinRotationCenter () {
+            return [50, 40];
+        }
+    }
+});
+
+tap.test('loadVector_ awaits async loadSvgString before creating skin', async t => {
+    let resolveLoad;
+    const loadPromise = new Promise(resolve => {
+        resolveLoad = resolve;
+    });
+
+    const {loadCostumeFromAsset} = t.mockRequire('../../src/import/load-costume', {
+        '@scratch/scratch-svg-renderer': {
+            loadSvgString () {
+                return loadPromise;
+            },
+            serializeSvgToString () {
+                return FIXED_SVG;
+            }
+        }
+    });
+
+    const runtime = createMockRuntime();
+    let skinCreated = false;
+    runtime.renderer.createSVGSkin = () => {
+        skinCreated = true;
+        return Promise.resolve(42);
+    };
+
+    const costume = {
+        asset: createMockAsset(ORIGINAL_SVG),
+        assetId: 'id',
+        md5: 'id.svg',
+        dataFormat: 'svg',
+        name: 'test'
+    };
+
+    const resultPromise = loadCostumeFromAsset(costume, runtime, 2);
+
+    // Skin should not be created yet — loadSvgString hasn't resolved.
+    t.equal(skinCreated, false, 'skin not created before loadSvgString resolves');
+
+    // Now resolve the async load.
+    resolveLoad({mock: true});
+    await resultPromise;
+
+    t.equal(skinCreated, true, 'skin created after loadSvgString resolves');
+    t.equal(costume.skinId, 42);
+});
+
+tap.test('loadVector_ handles loadSvgString rejection gracefully', async t => {
+    const {loadCostumeFromAsset} = t.mockRequire('../../src/import/load-costume', {
+        '@scratch/scratch-svg-renderer': {
+            loadSvgString () {
+                return Promise.reject(new Error('measurement failed'));
+            },
+            serializeSvgToString () {
+                return '';
+            }
+        }
+    });
+
+    const runtime = createMockRuntime();
+    runtime.storage.defaultAssetId = {ImageVector: 'default-vector-id'};
+    runtime.storage.get = assetId => createMockAsset(
+        '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1"></svg>',
+        assetId
+    );
+
+    const costume = {
+        asset: createMockAsset(ORIGINAL_SVG, 'broken-id'),
+        assetId: 'broken-id',
+        md5: 'broken-id.svg',
+        dataFormat: 'svg',
+        name: 'broken-costume'
+    };
+
+    const result = await loadCostumeFromAsset(costume, runtime, 2);
+
+    t.ok(result.broken, 'costume is marked as broken on rejection');
+    t.equal(result.broken.assetId, 'broken-id');
+});