
Hey, this is Steve from tldraw.
Today we shipped tldraw SDK version 4.5. This release improves how we handle click-through on transparent images, automatically sanitizes SVG uploads, makes embed options work on a per-editor basis, and more.
You can read the full release notes here, or check out the highlights below.
Clicking through transparent image backgrounds
Clicking a transparent part of an image now passes the click through to the shapes behind it. Previously, we treated images as solid rectangles regardless of content, so a transparent image would block clicks to anything underneath.
To make this work, we extract and cache a low-res opacity map for each image, then check it during hit testing to decide if a click should pass through or land on the shape.
Sanitizing SVGs for external content
We now sanitize pasted and imported SVG files before storing them as assets. This protects against embedded scripts, event handlers, cross-origin references, and other XSS vectors that can exist in SVG documents. The sanitization runs for all SVG entry points: text paste, file drop, and image replacement.
If you need custom sanitization logic, you can override the external content handlers.
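One way to regression-test the output of a custom handler, as an added example (not tldraw's sanitizer or code from this release): a fail-closed audit that flags the vector classes listed above. The function name `auditSvg`, the element allowlist and the finding labels are assumptions, and this policy also flags embedded `data:` references.

```javascript
// Added example, not tldraw's sanitizer. Allowlist and finding names are assumptions.
const ALLOWED_ELEMENTS = new Set([
  'svg', 'g', 'defs', 'title', 'desc', 'path', 'rect', 'circle', 'ellipse', 'line',
  'polyline', 'polygon', 'text', 'tspan', 'use', 'lineargradient', 'radialgradient',
  'stop', 'clippath', 'mask',
])
// One start/end tag with well-formed, quoted attributes. Anything else is left unconsumed.
const TAG = /<\/?([A-Za-z][\w:.-]*)((?:\s+[^\s=<>\/"']+(?:\s*=\s*(?:"[^"]*"|'[^']*'))?)*)\s*\/?>/g
const ATTR = /([^\s=<>\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'))?/g
const URL_FN = /url\(\s*['"]?\s*([^'")\s]*)/gi

function auditSvg(svgText) {
  const findings = new Set()
  // DOCTYPE/ENTITY declarations, CDATA and processing instructions are rejected outright.
  if (/<!DOCTYPE|<!ENTITY|<!\[CDATA\[|<\?(?!xml\s)/i.test(svgText)) findings.add('declaration')
  const body = svgText.replace(/^\s*<\?xml\s[^?]*\?>/i, '').replace(/<!--[\s\S]*?-->/g, '')
  for (const [, name, attrs] of body.matchAll(TAG)) {
    const element = name.toLowerCase()
    if (!ALLOWED_ELEMENTS.has(element)) findings.add(`element:${element}`)
    for (const [, rawKey, dq, sq] of attrs.matchAll(ATTR)) {
      const key = rawKey.toLowerCase()
      const value = (dq ?? sq ?? '').trim()
      if (key.startsWith('on')) findings.add(`handler:${key}`)
      // Only same-document fragments (#id) are accepted as link targets.
      if (/(^|:)href$/.test(key) && !value.startsWith('#')) findings.add(`external-ref:${key}`)
      for (const [, target] of value.matchAll(URL_FN)) {
        if (!target.startsWith('#')) findings.add(`external-url:${key}`)
      }
      // Character references could hide a scheme from the checks above, so flag them.
      if (value.includes('&')) findings.add(`entity:${key}`)
    }
  }
  // Fail closed: markup the tokenizer could not consume is itself a finding.
  if (body.replace(TAG, '').includes('<')) findings.add('unparsed-markup')
  return [...findings]
}

// Constructed samples covering the vector classes the post lists.
const HOSTILE_SVG = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><script>x()</script>' +
  '<use href="https://example.invalid/a.svg#i"/></svg>'
const CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><defs>' +
  '<linearGradient id="g"><stop offset="0" stop-color="#fff"/></linearGradient></defs>' +
  '<rect width="10" height="10" fill="url(#g)"/></svg>'
console.log(auditSvg(HOSTILE_SVG), auditSvg(CLEAN_SVG))
```

A regex tokenizer like this is suited to asserting on sanitizer output in tests; the sanitizer itself should operate on a parsed document rather than on text.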
Making embed configuration more consistent
Each editor instance can now have its own set of supported embed types. In older versions, changing the supported embeds for one editor would change them everywhere.
Supported embeds now live on the shape util's options, configured per-instance via configure(), aligning embeds with the same options pattern used by TextShapeUtil, DrawShapeUtil, FrameShapeUtil, and other shape utils.
And more!
Improved arrow behavior and performance
Fixed circular dependencies across @tldraw/state, @tldraw/editor, and @tldraw/tldraw
Improved image rendering for high quality images
25 other bug fixes
As always, thanks to all of the developers this month who opened issues or built something awesome with the tldraw SDK. Follow us on Twitter/X or join us on Discord for more discussion and to share your work!