feat: implement ABC music notation rendering and offline desktop support

[ThisIs-Developer]

Summary

This Pull Request introduces native support for parsing, rendering, and exporting ABC Music Notation inside markdown documents (using fenced ```abc blocks). In addition, it secures the application against CVE-2024-13551 (Stored XSS) and resolves a critical build pipeline bug in the Neutralino desktop environment where lazy-loaded libraries were left un-packaged during offline compiles.

---

Key Features & Implementations

1. Fenced Code Block Tokenizer & Compiler

• Intercepts language === "abc" blocks in both the Web Worker (preview-worker.js) and the main-thread fallback compiler (script.js).
• Generates lightweight container placeholders to keep parsing threads fast and responsive.

2. Viewport-Driven & Batch Rendering

• Integrated IntersectionObserver in the post-processing lifecycle to only invoke abcjs layout calculations when a stave scrolls into view.
• Leverages progressive batch yielding (setTimeout(..., 0)) to yield execution back to the browser's paint loop, protecting scroll performance on larger files.
• Inherits the FNV-1a block hashing cache system to prevent unmodified ABC blocks from executing redundant renders.

3. Pure CSS Theme Adaptation

• Configured abcjs options with { add_classes: true } and added stroke/fill mappings using CSS variable currentColor inside styles.css.
• Staff lines, clefs, note heads, and stems invert instantly at 60fps when dark mode is toggled, without executing any JavaScript.

4. Screen Reader Accessibility

• Silenced visual SVG paths for screen readers by adding role="img" to the root <svg>.
• Dynamically extracts tune metadata (T: Title, C: Composer, K: Key, M: Meter) to inject <title> and <desc> tags linked via aria-labelledby.
• Appends visually hidden raw ABC code wrappers (.abc-sr-only) linked via aria-describedby for blind musicians.
• Created a keyboard-accessible toolbar above staves with a toggle button (aria-pressed) to switch between the sheet music and raw code text.

5. Stored XSS Mitigation (CVE-2024-13551)

• Secured metadata annotations against script injections by running DOMPurify on the container after the SVG output is written.
• Whitelisted role, aria-labelledby, and aria-describedby inside the PREVIEW_SANITIZE_OPTIONS dictionary.

6. Export Functionality

• HTML Export: Automatically packages abcjs lazy-loaders and loads rendering hooks on document launch.
• PDF Export: Pre-renders the ABC sheets in the print sandbox and converts the resulting SVGs to Base64 <img> tags, allowing html2canvas and jsPDF to compile and paginate staves without clipping or rendering artifacts.

7. Desktop Offline Assets Fix

• Resolved a defect in desktop-app/prepare.js where dynamic libraries (mermaid, MathJax, jsPDF, html2canvas, pako, joypixels, and abcjs) were omitted from offline compilation.
• Upgraded checksum verification to support cdnjs sha512 integrity hashes and bundled all assets locally inside /libs/ for 100% offline desktop execution.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
markdown-viwer	Ready	Preview, Comment	Jun 14, 2026 7:06am

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[cloudflare-workers-and-pages]

Deploying markdown-viewer with    Cloudflare Pages

Latest commit:	4ced698
Status:	✅  Deploy successful!
Preview URL:	https://59b205a5.markdown-viewer.pages.dev
Branch Preview URL:	https://feature-abc-notation.markdown-viewer.pages.dev

View logs

[cloudflare-workers-and-pages]

Deploying markdownviewer with    Cloudflare Pages

Latest commit:	4ced698
Status:	✅  Deploy successful!
Preview URL:	https://49cf235c.markdownviewer.pages.dev
Branch Preview URL:	https://feature-abc-notation.markdownviewer.pages.dev

View logs