feat(core): Respect Mask boundaries when reading sentry-label

[antonis]

📢 Type of change

• Bugfix
• New feature
• Enhancement
• Refactoring

📜 Description

When Session Replay masking is active, sentry-label values may contain text derived from component content (via autoInjectSentryLabel from the Babel plugin). This PR ensures those labels are not leaked into touch breadcrumbs when:

1. maskAllText is enabled (the default when mobileReplayIntegration is present) — sentry-label is skipped entirely.
2. The touched element is inside a Sentry.Mask boundary — sentry-label and text extraction from children are both skipped.

Fallback labels (accessibilityLabel, aria-label, testID, custom labelName) continue to work in all cases, since they are developer-provided identifiers rather than user-visible text content.

Implementation details

• Extracted _isMaskAllTextEnabled() from the existing _shouldExtractText() method for reuse.
• Added hasAncestorMask() to traverse the fiber tree upward and detect RNSentryReplayMask ancestors.
• Updated getLabelValue() to accept a readSentryLabel flag that gates the sentry-label lookup.
• Updated getTouchedComponentInfo() to pass the mask state through.

💡 Motivation and Context

Closes #6114

With autoInjectSentryLabel enabled by default (PR #6141), the Babel plugin injects sentry-label props derived from static text content. Without this change, masked text would leak into breadcrumbs via sentry-label, defeating the purpose of replay masking.

💚 How did you test it?

• Added 8 new tests covering all masking scenarios:
  • sentry-label skipped when maskAllText is enabled
  • sentry-label skipped when maskAllText defaults to true
  • sentry-label read when maskAllText is explicitly false
  • sentry-label skipped inside RNSentryReplayMask ancestor (name and displayName)
  • sentry-label read when no replay integration is present
  • Mask ancestor check skipped when maskAllText is already enabled
  • Text extraction skipped inside Mask ancestor
• All 50 tests pass
• Build and lint pass

📝 Checklist

• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
• I updated the docs if needed.
• I updated the wizard if needed.
• All tests passing
• No breaking changes

🔮 Next steps

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• feat(core): Respect Mask boundaries when reading sentry-label by antonis in #6142

• chore(deps): update Bundler Plugins to v5.3.0 by github-actions in #6138
• chore: Merge 8.11.1 back to main by antonis in #6135
• chore: Update warning regarding iOS crash in sentry-cocoa 9.12.0 by antonis in #6136
• chore(deps): update CLI to v3.4.2 by github-actions in #6129
• chore(deps): bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.26.2 to 2.26.3 by dependabot in #6126
• chore(deps): bump getsentry/craft from 2.26.2 to 2.26.3 by dependabot in #6127
• chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by dependabot in #6128
• feat(core): Extract text from children of touched components for breadcrumb labels by antonis in #6106
• chore(deps): bump @babel/plugin-transform-modules-systemjs from 7.25.0 to 7.29.4 by dependabot in #6124
• chore(deps): bump fast-uri from 3.0.1 to 3.1.2 by dependabot in #6121
• chore(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by dependabot in #6120
• chore(deps): bump socks to ^2.8.8 to fix ip-address vulnerability by antonis in #6117
• chore(deps): bump uuid to ^13.0.1 to fix buffer bounds check vulnerability by antonis in #6118
• test(replay): Add passthrough tests for device-state replay breadcrumbs by antonis in #6115
• chore(deps): update JavaScript SDK to v10.52.0 by github-actions in #6108
• chore(deps): bump basic-ftp from 5.3.0 to 5.3.1 by dependabot in #6111

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

	Fails
🚫	Pull request is not ready for merge, please add the "ready-to-merge" label to the pull request

	Messages
📖	Do not forget to update Sentry-docs with your feature once the pull request gets approved.

Generated by 🚫 dangerJS against 615b359

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 615b359. Configure here.}

[lucas-zimerman]

LGMT!