Reader for <svg-region> regions. Renders the embedded SVG inline (or in a sandboxed iframe srcdoc for untrusted content), verifies <captured-hash> against the embedded <svg-content> CDATA via WebCrypto SHA-256, and sanitizes by default (strips <script>, <foreignObject>, and event handler attributes). Surfaces metadata above the rendered SVG: title, source, captured-at, captured-by, purpose, sandbox mode, sanitization mode. /g, '>').replace(/"/g, '"'); } // Sanitize SVG via DOMParser walk: // strict: strip