chore(website): v1.13.16 update + presentation docs + security headers + Store-only Windows + em-dash cleanup by nelsonduarte · Pull Request #101 · nelsonduarte/PDFApps

nelsonduarte · 2026-06-21T14:52:39Z

Summary

Website refresh covering 8 tasks: version bump to v1.13.16, presentation annotations documentation, security headers via _headers, em-dash cleanup, skip-link refactor, Windows-Store-only downloads.

Changes

Content updates

feat: add Convert tool (PDF to PNG/JPG/DOCX/TXT) #1 Version bumps - 8 sites updated from v1.13.10/v1.11.0 to v1.13.16 (footers + eyebrows across all pages).
add missing LICENSE file + Hypercommit badge #2 Changelog entries - Added 6 entries for v1.13.11 through v1.13.16 with feature highlights. "Latest" badge moved to v1.13.16.
feat: comment popup, page navigation, right-click delete #3 Presentation annotations - Documented in features.html and docs.html with tool table (P/H/E/L/C shortcuts), HUD reference, and session-only behavior.

Security hardening

feat: add PDF search with Ctrl+F #4 _headers - New docs/_headers with CSP, HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy (disabling geolocation/microphone/camera/payment/usb).
feat: add multi-language support (EN/PT) #5 Skip-link refactor - Inline onfocus/onblur handlers and style="..." moved to script.js + styles.css to enable strict CSP script-src 'self' / style-src 'self'.

Polish

feat: recent files menu and password confirmation #6 Em-dashes removed - 80 occurrences in HTML content replaced with hyphens or natural punctuation. 1 in styles.css (decorative comment) kept.
chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 #7 Privacy "Last updated" - Unchanged (no material privacy policy changes this session).
chore(deps): bump actions/download-artifact from 4.3.0 to 8.0.1 #8 Windows Store-only - Removed direct .exe download buttons (NSIS installer + portable); Windows users now directed exclusively to Microsoft Store for auto-updates and platform validation.

Validation

HTML structure: all div/section tags balanced across 6 pages
JS syntax: node -c script.js OK
CSS: 189 braces balanced
Em-dash count: 80 (HTML content) -> 0; 1 in CSS comment (decorative, kept)

No code changes

This PR touches only docs/ and the new _headers file. APP_VERSION not modified.

Updates hero eyebrow, download eyebrow, and footer version links on index/download/docs/changelog/features/privacy. Stale v1.11.0 footer references on docs.html and features.html are now in sync. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Adds six release entries with bulleted highlights, moves the 'Latest' badge to v1.13.16, and demotes v1.13.10 to a regular entry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

…ions Expands the Presentation (F5) card in features.html and adds a tools table with shortcuts in docs.html. Calls out that annotations are ephemeral (session-only) and never modify the source PDF. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

…and styles.css Replaces 6 inline style/onfocus/onblur blocks with a single .skip-link CSS rule (driven by :focus + .is-focused) plus a JS focus/blur handler that mirrors the class for browsers that strip focus on click. Keeps the accent color theme-driven via var(--accent) instead of hard-coding #10a597. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

… policies Cloudflare Pages reads _headers and applies the rules to all routes. CSP allows 'self' plus Google Fonts (stylesheet + woff2) and the shields.io stars badge embedded on the home page. Inline styles are still required by current markup (kept 'unsafe-inline' for style-src only; script-src is strict 'self'). Frame embedding is disabled. If the site moves back to bare GitHub Pages these headers must be configured in the Cloudflare dashboard instead — the file header documents that fallback path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Removes 80 U+2014 em-dashes from the six HTML pages (titles, OG and Twitter meta tags, and body copy). Each occurrence was rewritten with either a hyphen, a comma, a colon, or a semicolon depending on the sentence flow; nothing was machine-replaced blindly. The decorative em-dash on line 1 of styles.css (CSS comment banner) is left intact. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Removes direct .exe (NSIS installer and portable) download buttons for Windows. Users on Windows are now directed exclusively to the Microsoft Store listing, which provides automatic updates and platform validation. Linux (AppImage, tar.gz) and macOS (DMG) downloads remain available directly from GitHub Releases since those platforms don't have an equivalent app store presence.

nelsonduarte and others added 7 commits June 21, 2026 15:41

docs(changelog): add entries for v1.13.11 through v1.13.16

29b8451

Adds six release entries with bulleted highlights, moves the 'Latest' badge to v1.13.16, and demotes v1.13.10 to a regular entry. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

nelsonduarte merged commit af0cf78 into main Jun 21, 2026
3 checks passed

nelsonduarte deleted the chore/website-v16-update branch June 21, 2026 14:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(website): v1.13.16 update + presentation docs + security headers + Store-only Windows + em-dash cleanup#101

chore(website): v1.13.16 update + presentation docs + security headers + Store-only Windows + em-dash cleanup#101
nelsonduarte merged 7 commits into
mainfrom
chore/website-v16-update

nelsonduarte commented Jun 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

nelsonduarte commented Jun 21, 2026

Summary

Changes

Content updates

Security hardening

Polish

Validation

No code changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant