From 9498ee6bfeeec5b87eb86775dbb23f7ee4924030 Mon Sep 17 00:00:00 2001
From: Tilman Vatteroth <git@tilmanvatteroth.de>
Date: Thu, 17 Jun 2021 21:07:04 +0200
Subject: [PATCH 1/5] Remove cdn support

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
---
 app.js                           |  1 -
 docs/content/configuration.md    |  1 -
 lib/config/default.js            |  1 -
 lib/config/environment.js        |  1 -
 lib/config/hackmdEnvironment.js  |  1 -
 lib/config/oldDefault.js         |  1 -
 lib/csp.js                       |  7 -----
 public/views/hedgedoc/footer.ejs | 23 --------------
 public/views/hedgedoc/head.ejs   | 10 ------
 public/views/index/footer.ejs    | 11 -------
 public/views/index/head.ejs      | 10 ------
 public/views/pretty.ejs          | 28 -----------------
 public/views/shared/polyfill.ejs |  7 -----
 public/views/slide.ejs           | 29 ------------------
 test/csp.js                      | 16 ----------
 webpack.common.js                | 52 --------------------------------
 16 files changed, 199 deletions(-)
 delete mode 100644 public/views/shared/polyfill.ejs

diff --git a/app.js b/app.js
index 45e70c8b..878c8572 100644
--- a/app.js
+++ b/app.js
@@ -191,7 +191,6 @@ app.engine('ejs', ejs.renderFile)
 // set view engine
 app.set('view engine', 'ejs')
 // set generally available variables for all views
-app.locals.useCDN = config.useCDN
 app.locals.serverURL = config.serverURL
 app.locals.sourceURL = config.sourceURL
 app.locals.allowAnonymous = config.allowAnonymous
diff --git a/docs/content/configuration.md b/docs/content/configuration.md
index c6e3fc3e..a19c749d 100644
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@@ -98,7 +98,6 @@ these are rarely used for various reasons.
 | config file     | environment          | **default** and example value | description                                                                                                                                                                    |
 | --------------- | -------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | `allowGravatar` | `CMD_ALLOW_GRAVATAR` | **`true`** or `false`         | set to `false` to disable [Libravatar](https://www.libravatar.org/) as profile picture source on your instance. Libravatar is a federated open-source alternative to Gravatar. |
-| `useCDN`        | `CMD_USECDN`         | **`false`** or `true`         | set to use CDN resources or not (default is `false`)                                                                                                                           |
 
 ## Users and Privileges
 
diff --git a/lib/config/default.js b/lib/config/default.js
index c1f3f973..f98adf37 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -29,7 +29,6 @@ module.exports = {
   },
   cookiePolicy: 'lax',
   protocolUseSSL: false,
-  useCDN: false,
   allowAnonymous: true,
   allowAnonymousEdits: false,
   allowFreeURL: false,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 1a43a88f..e9b711ff 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -27,7 +27,6 @@ module.exports = {
   cookiePolicy: process.env.CMD_COOKIE_POLICY,
   protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
   allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
-  useCDN: toBooleanConfig(process.env.CMD_USECDN),
   allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
index 76e41361..c40ffc96 100644
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@@ -20,7 +20,6 @@ module.exports = {
   },
   protocolUseSSL: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
   allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
-  useCDN: toBooleanConfig(process.env.HMD_USECDN),
   allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
   allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js
index 738ad9f7..c9af5098 100644
--- a/lib/config/oldDefault.js
+++ b/lib/config/oldDefault.js
@@ -6,7 +6,6 @@ module.exports = {
   alloworigin: undefined,
   usessl: undefined,
   protocolusessl: undefined,
-  usecdn: undefined,
   allowanonymous: undefined,
   allowanonymousedits: undefined,
   allowfreeurl: undefined,
diff --git a/lib/csp.js b/lib/csp.js
index 74404413..76426d52 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -15,12 +15,6 @@ const defaultDirectives = {
   connectSrc: ['*']
 }
 
-const cdnDirectives = {
-  scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
-  styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
-  fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
-}
-
 const disqusDirectives = {
   scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
   styleSrc: ['https://*.disquscdn.com'],
@@ -39,7 +33,6 @@ CspStrategy.computeDirectives = function () {
   const directives = {}
   mergeDirectives(directives, config.csp.directives)
   mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives)
-  mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
   mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
   mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
   mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
diff --git a/public/views/hedgedoc/footer.ejs b/public/views/hedgedoc/footer.ejs
index 86572091..c3927db7 100644
--- a/public/views/hedgedoc/footer.ejs
+++ b/public/views/hedgedoc/footer.ejs
@@ -1,28 +1,5 @@
 <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-y9JZetUlOMMh4hOP7XzJyCxx5xFrN4qSiBRIHfns3Dk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.2/lodash.min.js" integrity="sha256-Cv5v4i4SuYvwRYzIONifZjoc99CkwfncROMSWat1cVA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.1/socket.io.js" integrity="sha256-0FUwWDJ65tQsnnxtK/o5aTM880+kQzktw2mfTBF36Zs=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.18.1/highlight.min.js" integrity="sha256-eOgo0OtLL4cdq7RdwRUiGKLX9XsIJ7nGhWEKbohmVAQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-<%- include('../build/index-scripts') %>
-<% } else { %>
 <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
 <%- include('../build/index-pack-scripts') %>
-<% } %>
diff --git a/public/views/hedgedoc/head.ejs b/public/views/hedgedoc/head.ejs
index 419d5dcc..c2321fcc 100644
--- a/public/views/hedgedoc/head.ejs
+++ b/public/views/hedgedoc/head.ejs
@@ -15,15 +15,5 @@
 <% } %>
 <base href="<%- serverURL %>/">
 <title><%= title %></title>
-<% if(useCDN) { %>
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-social/4.9.0/bootstrap-social.min.css" integrity="sha256-02JtFTurpwBjQJ6q13iJe82/NF0RbZlJroDegK5g87Y=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-<%- include('../build/index-header') %>
-<%- include('../shared/polyfill') %>
-<% } else { %>
 <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
 <%- include('../build/index-pack-header') %>
-<% } %>
diff --git a/public/views/index/footer.ejs b/public/views/index/footer.ejs
index c9532f6d..c6469cc0 100644
--- a/public/views/index/footer.ejs
+++ b/public/views/index/footer.ejs
@@ -1,12 +1 @@
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/list.pagination.js/0.1.1/list.pagination.min.js" integrity="sha256-WwTza96H3BgcQTfEfxX7MFaFc/dZA0QrPRKDRLdFHJo=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js" integrity="sha256-HzzZFiY4t0PIv02Tm8/R3CVvLpcjHhO1z/YAUCp4oQ4=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script>
-<%- include('../build/cover-scripts') %>
-<% } else { %>
 <%- include('../build/cover-pack-scripts') %>
-<% } %>
diff --git a/public/views/index/head.ejs b/public/views/index/head.ejs
index a6e79e35..a6751bbf 100644
--- a/public/views/index/head.ejs
+++ b/public/views/index/head.ejs
@@ -16,14 +16,4 @@
 <meta property="og:image:type" content="image/png">
 <base href="<%- serverURL %>/">
 <title>HedgeDoc - <%= __('Collaborative markdown notes') %></title>
-<% if(useCDN) { %>
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-social/4.9.0/bootstrap-social.min.css" integrity="sha256-02JtFTurpwBjQJ6q13iJe82/NF0RbZlJroDegK5g87Y=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.4/select2.min.css" integrity="sha256-ijlUKKj3hJCiiT2HWo1kqkI79NTEYpzOsw5Rs3k42dI=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.4/select2-bootstrap.min.css" integrity="sha256-NAWFcNIZdH+TS1xpWujF/EB/Y8gwBbEOCoaK/eqaer8=" crossorigin="anonymous" />
-<%- include('../build/cover-header') %>
-<%- include('../shared/polyfill') %>
-<% } else { %>
 <%- include('../build/cover-pack-header') %>
-<% } %>
diff --git a/public/views/pretty.ejs b/public/views/pretty.ejs
index fc222cb8..97274ba1 100644
--- a/public/views/pretty.ejs
+++ b/public/views/pretty.ejs
@@ -25,17 +25,8 @@
     <base href="<%- serverURL %>/">
     <title><%= title %></title>
     <%- include('includes/favicon.ejs') %>
-  <% if(useCDN) { %>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-    <%- include('build/pretty-header') %>
-    <%- include('shared/polyfill') %>
-  <% } else { %>
     <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
     <%- include('build/pretty-pack-header') %>
-  <% } %>
 </head>
 
 <body style="display:none;">
@@ -80,27 +71,8 @@
 
 </html>
 <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.18.1/highlight.min.js" integrity="sha256-eOgo0OtLL4cdq7RdwRUiGKLX9XsIJ7nGhWEKbohmVAQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-<%- include('build/pretty-scripts') %>
-<% } else { %>
 <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
 <%- include('build/pretty-pack-scripts') %>
-<% } %>
 <%- include('shared/ga') %>
diff --git a/public/views/shared/polyfill.ejs b/public/views/shared/polyfill.ejs
deleted file mode 100644
index 82b2f025..00000000
--- a/public/views/shared/polyfill.ejs
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
-<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-<!--[if lt IE 9]>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" integrity="sha256-3Jy/GbSLrg0o9y5Z5n1uw0qxZECH7C6OQpVBgNFYa0g=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js" integrity="sha256-g6iAfvZp+nDQ2TdTR/VVKJf3bGro4ub5fvWSWVRi2NE=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.9/es5-shim.min.js" integrity="sha256-8E4Is26QH0bD52WoQpcB+R/tcWQtpzlCojrybUd7Mxo=" crossorigin="anonymous"></script>
-<![endif]-->
diff --git a/public/views/slide.ejs b/public/views/slide.ejs
index e08ca057..5837737c 100644
--- a/public/views/slide.ejs
+++ b/public/views/slide.ejs
@@ -14,19 +14,9 @@
         <base href="<%- serverURL %>/">
         <title><%= title %></title>
         <%- include('includes/favicon.ejs') %>
-
-        <% if(useCDN) { %>
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.7.0/css/reveal.min.css" integrity="sha256-9+Wg2bcNeiOMGXOUNqBdceY2lAH/eCiTDcdzHhHIl48=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-        <%- include('build/slide-header') %>
-        <%- include('shared/polyfill') %>
-        <% } else { %>
         <link rel="stylesheet" href="<%- serverURL %>/build/reveal.js/css/reveal.css">
         <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
         <%- include('build/slide-pack-header') %>
-        <% } %>
 
         <!-- For reveal.js theme -->
         <% if(typeof theme !== 'undefined' && theme) { %>
@@ -87,29 +77,10 @@
         </div>
 
         <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-        <% if(useCDN) { %>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.9.2/js/reveal.js" integrity="sha512-VMwkG0MdbDSSM3wUzu6Ny450qkGMXTuBJdN1ssTZPTNWBkXxSYuvhW/o6eu7YQ2H1X2X1thKs6xdt8+obhX4Gg==" crossorigin="anonymous"></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-y9JZetUlOMMh4hOP7XzJyCxx5xFrN4qSiBRIHfns3Dk=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js" integrity="sha256-/BfiIkHlHoVihZdc6TFuj7MmJ0TWcWsMXkeDFwhi0zw=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-        <%- include('build/slide-scripts') %>
-        <% } else { %>
         <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
         <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
         <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
         <%- include('build/slide-pack-scripts') %>
-        <% } %>
     </body>
 </html>
 
diff --git a/test/csp.js b/test/csp.js
index 15412022..02184662 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -27,7 +27,6 @@ describe('Content security policies', function () {
         upgradeInsecureRequests: 'auto',
         reportURI: undefined
       },
-      useCDN: true,
       dropbox: {
         appKey: undefined
       }
@@ -44,21 +43,6 @@ describe('Content security policies', function () {
     csp = mock.reRequire('../lib/csp')
   })
 
-  // beginnging Tests
-  it('Disable CDN', function () {
-    const testconfig = defaultConfig
-    testconfig.useCDN = false
-    mock('../lib/config', testconfig)
-    csp = mock.reRequire('../lib/csp')
-
-    assert(!csp.computeDirectives().scriptSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().scriptSrc.includes('https://cdn.mathjax.org'))
-    assert(!csp.computeDirectives().styleSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().styleSrc.includes('https://fonts.googleapis.com'))
-    assert(!csp.computeDirectives().fontSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().fontSrc.includes('https://fonts.gstatic.com'))
-  })
-
   it('Disable Google Analytics', function () {
     const testconfig = defaultConfig
     testconfig.csp.addGoogleAnalytics = false
diff --git a/webpack.common.js b/webpack.common.js
index 48b5bf14..70175c39 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -22,13 +22,6 @@ module.exports = {
       'moment': 'moment',
       CodeMirror: 'codemirror/lib/codemirror.js'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'index-styles', 'index'],
-      filename: path.join(__dirname, 'public/views/build/index-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'index-styles-pack', 'index-styles', 'index'],
@@ -36,12 +29,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['index'],
-      filename: path.join(__dirname, 'public/views/build/index-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'index-pack'],
@@ -49,13 +36,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'cover'],
-      filename: path.join(__dirname, 'public/views/build/cover-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'cover-styles-pack', 'cover'],
@@ -63,12 +43,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['cover'],
-      filename: path.join(__dirname, 'public/views/build/cover-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'cover-pack'],
@@ -76,13 +50,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'pretty-styles', 'pretty'],
-      filename: path.join(__dirname, 'public/views/build/pretty-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'pretty-styles-pack', 'pretty-styles', 'pretty'],
@@ -90,12 +57,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['pretty'],
-      filename: path.join(__dirname, 'public/views/build/pretty-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'pretty-pack'],
@@ -103,13 +64,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'slide-styles', 'slide'],
-      filename: path.join(__dirname, 'public/views/build/slide-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'slide-styles-pack', 'slide-styles', 'slide'],
@@ -117,12 +71,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['slide'],
-      filename: path.join(__dirname, 'public/views/build/slide-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['slide-pack'],

From 3b0060187294e9d4b64892c735c9ca68d31f6804 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 21 Jun 2021 20:14:29 +0200
Subject: [PATCH 2/5] Inline CSS & JS into HTML export template

Previously, the HTML export template `html.hbs` included CDN links
for the HTML and CSS resources.

This commit enables Webpack to create a new `htmlexport.html` at
build-time, which includes all resources inline.
That template is then used as before by the frontend to be populated
with the rendered note content.

The tradeoff is that each exported .html file is about 5.6 MB in size,
as we need to inline all fonts (icons & emojis).

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/js/extra.js                        | 25 ++++++++++-------------
 public/js/htmlExport.js                   | 21 ++++++++++++++++++-
 public/views/{html.hbs => htmlexport.ejs} | 21 ++-----------------
 webpack.htmlexport.js                     | 20 +++++++++++++++---
 webpack.prod.js                           |  3 +++
 5 files changed, 53 insertions(+), 37 deletions(-)
 rename public/views/{html.hbs => htmlexport.ejs} (71%)

diff --git a/public/js/extra.js b/public/js/extra.js
index 6e3b0ed0..c72007b6 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -681,21 +681,18 @@ export function exportToHTML (view) {
   const tocAffix = $('#ui-toc-affix').clone()
   tocAffix.find('*').removeClass('active').find("a[href^='#'][smoothhashscroll]").removeAttr('smoothhashscroll')
   // generate html via template
-  $.get(`${serverurl}/build/html.min.css`, css => {
-    $.get(`${serverurl}/views/html.hbs`, template => {
-      let html = template.replace('{{{url}}}', serverurl)
-      html = html.replace('{{title}}', title)
-      html = html.replace('{{{css}}}', css)
-      html = html.replace('{{{html}}}', src[0].outerHTML)
-      html = html.replace('{{{ui-toc}}}', toc.html())
-      html = html.replace('{{{ui-toc-affix}}}', tocAffix.html())
-      html = html.replace('{{{lang}}}', (md && md.meta && md.meta.lang) ? `lang="${md.meta.lang}"` : '')
-      html = html.replace('{{{dir}}}', (md && md.meta && md.meta.dir) ? `dir="${md.meta.dir}"` : '')
-      const blob = new Blob([html], {
-        type: 'text/html;charset=utf-8'
-      })
-      saveAs(blob, filename, true)
+  $.get(`${serverurl}/build/htmlexport.html`, template => {
+    let html = template.replace('{{{url}}}', serverurl)
+    html = html.replace('{{title}}', title)
+    html = html.replace('{{{html}}}', src[0].outerHTML)
+    html = html.replace('{{{ui-toc}}}', toc.html())
+    html = html.replace('{{{ui-toc-affix}}}', tocAffix.html())
+    html = html.replace('{{{lang}}}', (md && md.meta && md.meta.lang) ? `lang="${md.meta.lang}"` : '')
+    html = html.replace('{{{dir}}}', (md && md.meta && md.meta.dir) ? `dir="${md.meta.dir}"` : '')
+    const blob = new Blob([html], {
+      type: 'text/html;charset=utf-8'
     })
+    saveAs(blob, filename, true)
   })
 }
 
diff --git a/public/js/htmlExport.js b/public/js/htmlExport.js
index 1a873aca..676e2b1b 100644
--- a/public/js/htmlExport.js
+++ b/public/js/htmlExport.js
@@ -1,6 +1,25 @@
+require('bootstrap/dist/css/bootstrap.min.css')
+require('fork-awesome/css/fork-awesome.min.css')
+require('ionicons/css/ionicons.min.css')
+require('prismjs/prism')
+require('prismjs/themes/prism.css')
+require('prismjs/components/prism-wiki')
+require('prismjs/components/prism-haskell')
+require('prismjs/components/prism-go')
+require('prismjs/components/prism-typescript')
+require('prismjs/components/prism-jsx')
+require('prismjs/components/prism-makefile')
+require('prismjs/components/prism-gherkin')
+require('highlight.js/styles/github-gist.css')
+require('emojify.js/dist/css/basic/emojify.min.css')
 require('../css/github-extract.css')
 require('../css/markdown.css')
 require('../css/extra.css')
 require('../css/slide-preview.css')
-require('../css/google-font.css')
+require('../css/font.css')
 require('../css/site.css')
+const $ = require('jquery')
+window.jQuery = $
+window.$ = $
+require('bootstrap')
+require('gist-embed/gist-embed.min')
diff --git a/public/views/html.hbs b/public/views/htmlexport.ejs
similarity index 71%
rename from public/views/html.hbs
rename to public/views/htmlexport.ejs
index 7e8268ba..ee83d850 100644
--- a/public/views/html.hbs
+++ b/public/views/htmlexport.ejs
@@ -19,22 +19,7 @@
     <link rel="mask-icon" href="{{{url}}}/icons/safari-pinned-tab.svg" color="#b51f08">
     <link rel="shortcut icon" href="{{{url}}}/icons/favicon.ico">
 
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.5.1/themes/prism.min.css" integrity="sha256-vtR0hSWRc3Tb26iuN2oZHt3KRUomwTufNIf5/4oeCyg=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github-gist.min.css" integrity="sha256-tAflq+ymku3Khs+I/WcAneIlafYgDiOQ9stIHH985Wo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-    <style>
-        {{{css}}}
-    </style>
-    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
-    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-    <!--[if lt IE 9]>
-    	<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" integrity="sha256-3Jy/GbSLrg0o9y5Z5n1uw0qxZECH7C6OQpVBgNFYa0g=" crossorigin="anonymous"></script>
-    	<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js" integrity="sha256-g6iAfvZp+nDQ2TdTR/VVKJf3bGro4ub5fvWSWVRi2NE=" crossorigin="anonymous"></script>
-		<script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.9/es5-shim.min.js" integrity="sha256-8E4Is26QH0bD52WoQpcB+R/tcWQtpzlCojrybUd7Mxo=" crossorigin="anonymous"></script>
-    <![endif]-->
+    <% _.forEach(htmlWebpackPlugin.files.css, function(cssFile) { %><style><%= compilation.assets[cssFile.substr(htmlWebpackPlugin.files.publicPath.length)].source() %></style><% }); %>
 </head>
 
 <body translate="no">
@@ -52,9 +37,7 @@
     <div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="top:17px;display:none;" {{{lang}}} {{{dir}}}>
         {{{ui-toc-affix}}}
     </div>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
+    <% _.forEach(htmlWebpackPlugin.files.js, function(jsFile) { %><script><%= compilation.assets[jsFile.substr(htmlWebpackPlugin.files.publicPath.length)].source() %></script><% }); %>
     <script>
         var markdown = $(".markdown-body");
         //smooth all hash trigger scrolling
diff --git a/webpack.htmlexport.js b/webpack.htmlexport.js
index 2aa2bc4f..458e1dd1 100644
--- a/webpack.htmlexport.js
+++ b/webpack.htmlexport.js
@@ -1,5 +1,6 @@
 const MiniCssExtractPlugin = require('mini-css-extract-plugin')
 const path = require('path')
+const HtmlWebpackPlugin = require('html-webpack-plugin')
 
 module.exports = {
   name: 'save-as-html',
@@ -10,6 +11,14 @@ module.exports = {
     rules: [{
       test: /\.css$/,
       use: [MiniCssExtractPlugin.loader, 'css-loader']
+    },
+    {
+      test: /\.(woff(2)?|ttf|eot|svg)(\?v=\d+\.\d+\.\d+)?$/,
+      use: [
+        {
+          loader: 'url-loader'
+        }
+      ]
     }]
   },
   output: {
@@ -18,8 +27,13 @@ module.exports = {
     filename: '[name].js'
   },
   plugins: [
-    new MiniCssExtractPlugin({
-      filename: 'html.min.css'
-    })
+    new HtmlWebpackPlugin({
+      // Load a custom template (uses lodash templating)
+      template: 'public/views/htmlexport.ejs',
+      filename: 'htmlexport.html',
+      inject: false,
+      cache: false
+    }),
+    new MiniCssExtractPlugin({ filename: 'htmlexport.css' })
   ]
 }
diff --git a/webpack.prod.js b/webpack.prod.js
index 69d77fb1..17585aa2 100644
--- a/webpack.prod.js
+++ b/webpack.prod.js
@@ -30,6 +30,9 @@ module.exports = [
     mode: 'production',
     optimization: {
       minimizer: [
+        new ESBuildMinifyPlugin({
+          target: 'es2015'
+        }),
         new OptimizeCSSAssetsPlugin({})
       ]
     }

From 515fed3db0a2cdf116f69e209cc35f1fb5f4d108 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 21 Jun 2021 20:34:59 +0200
Subject: [PATCH 3/5] Remove unused Google Fonts import

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/css/google-font.css | 1 -
 webpack.common.js          | 1 -
 2 files changed, 2 deletions(-)
 delete mode 100644 public/css/google-font.css

diff --git a/public/css/google-font.css b/public/css/google-font.css
deleted file mode 100644
index 02c1b103..00000000
--- a/public/css/google-font.css
+++ /dev/null
@@ -1 +0,0 @@
-@import url(https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400italic,600,600italic,300italic,300|Source+Serif+Pro|Source+Code+Pro:400,300,500&subset=latin,latin-ext);
diff --git a/webpack.common.js b/webpack.common.js
index 70175c39..98a2bfc1 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -132,7 +132,6 @@ module.exports = {
   ],
 
   entry: {
-    font: path.join(__dirname, 'public/css/google-font.css'),
     'font-pack': path.join(__dirname, 'public/css/font.css'),
     common: [
       'expose-loader?exposes[]=$&exposes[]=jQuery!jquery',

From 4526542944e94632c8d06f44e780760273b17b7a Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 5 Aug 2021 21:32:24 +0200
Subject: [PATCH 4/5] Replace Cloudflare links in exported HTML

Emoji images are now converted to data URLs

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/js/extra.js | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/public/js/extra.js b/public/js/extra.js
index c72007b6..b9844d1b 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -620,6 +620,18 @@ export function removeDOMEvents (view) {
 }
 window.removeDOMEvents = removeDOMEvents
 
+function toDataURL (url, callback) {
+  fetch(url).then(response => {
+    const fr = new FileReader()
+    fr.onload = function () {
+      callback(this.result)
+    }
+    response.blob().then(blob => {
+      fr.readAsDataURL(blob)
+    })
+  })
+}
+
 function generateCleanHTML (view) {
   const src = view.clone()
   const eles = src.find('*')
@@ -634,10 +646,9 @@ function generateCleanHTML (view) {
   src.find('input.task-list-item-checkbox').attr('disabled', '')
   // replace emoji image path
   src.find('img.emoji').each((key, value) => {
-    let name = $(value).attr('alt')
-    name = name.substr(1)
-    name = name.slice(0, name.length - 1)
-    $(value).attr('src', `https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/images/basic/${name}.png`)
+    toDataURL($(value).attr('src'), dataURL => {
+      $(value).attr('src', dataURL)
+    })
   })
   // replace video to iframe
   src.find('div[data-videoid]').each((key, value) => {

From 111b908b6197fe3e7c67cd5dd77dea40b61dc9af Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 5 Aug 2021 22:14:08 +0200
Subject: [PATCH 5/5] Update browser compatibility

We now use fetch, which requires slightly more modern browsers

Signed-off-by: David Mehren <git@herrmehren.de>
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6cd384e6..08d66b49 100644
--- a/README.md
+++ b/README.md
@@ -58,9 +58,9 @@ More info about that can be found in the configuration docs above.
 To use HedgeDoc, your browser should match or exceed these versions:
 
 - ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/chrome/chrome_24x24.png) Chrome >= 47, ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/chrome/chrome_24x24.png) Chrome for Android >= 47
-- ![Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari/safari_24x24.png) Safari >= 9, ![iOS Safarai](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari-ios/safari-ios_24x24.png) iOS Safari >= 8.4
+- ![Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari/safari_24x24.png) Safari >= 10.1, ![iOS Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari-ios/safari-ios_24x24.png) iOS Safari >= 10.3
 - ![Firefox](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/firefox/firefox_24x24.png) Firefox >= 44
-- ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/edge/edge_24x24.png) Edge >= 12
+- ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/edge/edge_24x24.png) Edge >= 14
 - ![Opera](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera/opera_24x24.png) Opera >=
   34, ![Opera Mini](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera-mini/opera-mini_24x24.png)
   Opera Mini not supported