[Bug] Rendering fails when node contains hidden control character `\x01` (SOH)

[CMJNB]

Expected Behavior

The library should be able to process nodes containing control characters by either sanitizing them or successfully converting them to an image, as these characters are technically valid in HTML text content.

Current Behavior

When a node contains ASCII control characters like \x01 (SOH), the rendering process fails. The internal image element triggers an error because these characters are illegal in XML 1.0, which breaks the SVG serialization that html-to-image relies on.

Console error observed:
Event {isTrusted: true, type: 'error', target: img, currentTarget: img, eventPhase: 2, …}

Possible Solution

The library should sanitize the string before embedding it into the SVG. Specifically, it should strip or escape non-printable ASCII control characters (range \x00-\x08, \x0B, \x0C, \x0E-\x1F) that are invalid in XML/SVG 1.0.

Steps To Reproduce

1. Create elements containing various control characters.
2. Attempt to capture them using htmlToImage.toPng().
3. Observe that "Illegal" characters cause the library to fail (Event Error).

Code snippet for testing multiple characters:

// Test characters that are invalid in XML 1.0
const testChars = {
  soh: "\x01", // Start of Heading (Reported Bug)
  stx: "\x02", // Start of Text
  bel: "\x07", // Bell
  bs:  "\x08", // Backspace
};

async function runReproduction() {
  console.log("Starting reproduction test...");
  for (const [name, char] of Object.entries(testChars)) {
    const node = document.createElement('div');
    node.style.padding = '20px';
    node.innerHTML = `Test for ${name}: [${char}]`;
    document.body.appendChild(node);

    try {
      // Version 1.11.13
      await htmlToImage.toPng(node);
      console.log(`✅ ${name} passed`);
    } catch (e) {
      console.error(`❌ ${name} failed: `, e);
    } finally {
      document.body.removeChild(node);
    }
  }
}

runReproduction();

Error Message & Stack Trace

Event {isTrusted: true, type: 'error', target: img, currentTarget: img, eventPhase: 2, …}
// Note: Some browsers may log "error on line 1 at column XX: PCDATA invalid Char value 1" in the network/parser trace.

Additional Context

This issue is critical when dealing with data imported from legacy systems or copy-pasted text that might contain hidden control characters. It causes the entire screenshot feature to break silently or produce broken images.

---

This bug report was generated with the assistance of Gemini (AI).

Your Environment

• html-to-image: 1.11.13 (via jsDelivr)
• OS: Windows 11
• Browser: Edge 146.0.3856.62

[biiibooo]

👋 @CMJNB

Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it.
To help make it easier for us to investigate your issue, please follow the contributing guidelines.

We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.