alexei.dolgolyov
03a1b30cd8
Security: - Replace inline onclick handlers with data-attribute event delegation (XSS fix) - Remove auth tokens from URL query params; use Authorization header + blob URLs - Defer artwork blob URL revocation to prevent ERR_FILE_NOT_FOUND Reliability: - Merge duplicate DOMContentLoaded listeners - WebSocket exponential backoff reconnect (3s base, 30s max, 20 attempts) - Connection banner with manual reconnect button after failures UX: - Toast notifications now stack (multiple visible simultaneously) - Custom styled confirm dialog replacing native confirm() - Drag-to-seek on progress bars (mouse + touch) - Keyboard shortcuts: Space, arrows, M for media controls - Browser search matches both filename and title - Path separator auto-detection (Unix/Windows) Accessibility: - WAI-ARIA Tabs pattern (tablist, tab, tabpanel roles) - Arrow/Home/End keyboard navigation in tab bar - ARIA slider roles on progress bars with live value updates - aria-label on volume sliders, aria-live on status dot Performance: - Thumbnail cache (Map, max 200 entries, LRU eviction) - Skip revocation of cached blob URLs during grid re-render - Blob URL cleanup on page unload Visual polish: - Vinyl mode uses CSS custom properties (works in light + dark themes) - Light theme shadow overrides for containers, dialogs, toasts - Optimized system font stack Code quality: - Scoped button reset, merged duplicate CSS selectors - WCAG AA contrast fix for --text-muted - Normalized CSS to consistent 4-space indentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
32 KiB
32 KiB