From 9498ee6bfeeec5b87eb86775dbb23f7ee4924030 Mon Sep 17 00:00:00 2001
From: Tilman Vatteroth <git@tilmanvatteroth.de>
Date: Thu, 17 Jun 2021 21:07:04 +0200
Subject: [PATCH 1/5] Remove cdn support

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
---
 app.js                           |  1 -
 docs/content/configuration.md    |  1 -
 lib/config/default.js            |  1 -
 lib/config/environment.js        |  1 -
 lib/config/hackmdEnvironment.js  |  1 -
 lib/config/oldDefault.js         |  1 -
 lib/csp.js                       |  7 -----
 public/views/hedgedoc/footer.ejs | 23 --------------
 public/views/hedgedoc/head.ejs   | 10 ------
 public/views/index/footer.ejs    | 11 -------
 public/views/index/head.ejs      | 10 ------
 public/views/pretty.ejs          | 28 -----------------
 public/views/shared/polyfill.ejs |  7 -----
 public/views/slide.ejs           | 29 ------------------
 test/csp.js                      | 16 ----------
 webpack.common.js                | 52 --------------------------------
 16 files changed, 199 deletions(-)
 delete mode 100644 public/views/shared/polyfill.ejs

diff --git a/app.js b/app.js
index 45e70c8b5..878c85729 100644
--- a/app.js
+++ b/app.js
@@ -191,7 +191,6 @@ app.engine('ejs', ejs.renderFile)
 // set view engine
 app.set('view engine', 'ejs')
 // set generally available variables for all views
-app.locals.useCDN = config.useCDN
 app.locals.serverURL = config.serverURL
 app.locals.sourceURL = config.sourceURL
 app.locals.allowAnonymous = config.allowAnonymous
diff --git a/docs/content/configuration.md b/docs/content/configuration.md
index c6e3fc3eb..a19c749df 100644
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@@ -98,7 +98,6 @@ these are rarely used for various reasons.
 | config file     | environment          | **default** and example value | description                                                                                                                                                                    |
 | --------------- | -------------------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | `allowGravatar` | `CMD_ALLOW_GRAVATAR` | **`true`** or `false`         | set to `false` to disable [Libravatar](https://www.libravatar.org/) as profile picture source on your instance. Libravatar is a federated open-source alternative to Gravatar. |
-| `useCDN`        | `CMD_USECDN`         | **`false`** or `true`         | set to use CDN resources or not (default is `false`)                                                                                                                           |
 
 ## Users and Privileges
 
diff --git a/lib/config/default.js b/lib/config/default.js
index c1f3f9733..f98adf37b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -29,7 +29,6 @@ module.exports = {
   },
   cookiePolicy: 'lax',
   protocolUseSSL: false,
-  useCDN: false,
   allowAnonymous: true,
   allowAnonymousEdits: false,
   allowFreeURL: false,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 1a43a88f9..e9b711ff0 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -27,7 +27,6 @@ module.exports = {
   cookiePolicy: process.env.CMD_COOKIE_POLICY,
   protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
   allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
-  useCDN: toBooleanConfig(process.env.CMD_USECDN),
   allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
   allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
index 76e413612..c40ffc961 100644
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@@ -20,7 +20,6 @@ module.exports = {
   },
   protocolUseSSL: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
   allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
-  useCDN: toBooleanConfig(process.env.HMD_USECDN),
   allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
   allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
   allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
diff --git a/lib/config/oldDefault.js b/lib/config/oldDefault.js
index 738ad9f7d..c9af50988 100644
--- a/lib/config/oldDefault.js
+++ b/lib/config/oldDefault.js
@@ -6,7 +6,6 @@ module.exports = {
   alloworigin: undefined,
   usessl: undefined,
   protocolusessl: undefined,
-  usecdn: undefined,
   allowanonymous: undefined,
   allowanonymousedits: undefined,
   allowfreeurl: undefined,
diff --git a/lib/csp.js b/lib/csp.js
index 74404413c..76426d526 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -15,12 +15,6 @@ const defaultDirectives = {
   connectSrc: ['*']
 }
 
-const cdnDirectives = {
-  scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
-  styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
-  fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
-}
-
 const disqusDirectives = {
   scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'],
   styleSrc: ['https://*.disquscdn.com'],
@@ -39,7 +33,6 @@ CspStrategy.computeDirectives = function () {
   const directives = {}
   mergeDirectives(directives, config.csp.directives)
   mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives)
-  mergeDirectivesIf(config.useCDN, directives, cdnDirectives)
   mergeDirectivesIf(config.csp.addDisqus, directives, disqusDirectives)
   mergeDirectivesIf(config.csp.addGoogleAnalytics, directives, googleAnalyticsDirectives)
   mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
diff --git a/public/views/hedgedoc/footer.ejs b/public/views/hedgedoc/footer.ejs
index 86572091e..c3927db77 100644
--- a/public/views/hedgedoc/footer.ejs
+++ b/public/views/hedgedoc/footer.ejs
@@ -1,28 +1,5 @@
 <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-y9JZetUlOMMh4hOP7XzJyCxx5xFrN4qSiBRIHfns3Dk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.2/lodash.min.js" integrity="sha256-Cv5v4i4SuYvwRYzIONifZjoc99CkwfncROMSWat1cVA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.1/socket.io.js" integrity="sha256-0FUwWDJ65tQsnnxtK/o5aTM880+kQzktw2mfTBF36Zs=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.18.1/highlight.min.js" integrity="sha256-eOgo0OtLL4cdq7RdwRUiGKLX9XsIJ7nGhWEKbohmVAQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-<%- include('../build/index-scripts') %>
-<% } else { %>
 <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
 <%- include('../build/index-pack-scripts') %>
-<% } %>
diff --git a/public/views/hedgedoc/head.ejs b/public/views/hedgedoc/head.ejs
index 419d5dcc7..c2321fccf 100644
--- a/public/views/hedgedoc/head.ejs
+++ b/public/views/hedgedoc/head.ejs
@@ -15,15 +15,5 @@
 <% } %>
 <base href="<%- serverURL %>/">
 <title><%= title %></title>
-<% if(useCDN) { %>
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-social/4.9.0/bootstrap-social.min.css" integrity="sha256-02JtFTurpwBjQJ6q13iJe82/NF0RbZlJroDegK5g87Y=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-<%- include('../build/index-header') %>
-<%- include('../shared/polyfill') %>
-<% } else { %>
 <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
 <%- include('../build/index-pack-header') %>
-<% } %>
diff --git a/public/views/index/footer.ejs b/public/views/index/footer.ejs
index c9532f6d9..c6469cc0b 100644
--- a/public/views/index/footer.ejs
+++ b/public/views/index/footer.ejs
@@ -1,12 +1 @@
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/list.pagination.js/0.1.1/list.pagination.min.js" integrity="sha256-WwTza96H3BgcQTfEfxX7MFaFc/dZA0QrPRKDRLdFHJo=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js" integrity="sha256-HzzZFiY4t0PIv02Tm8/R3CVvLpcjHhO1z/YAUCp4oQ4=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/1000hz-bootstrap-validator/0.11.8/validator.min.js" integrity="sha256-LHeY7YoYJ0SSXbCx7sR14Pqna+52moaH3bhv0Mjzd/M=" crossorigin="anonymous" defer></script>
-<%- include('../build/cover-scripts') %>
-<% } else { %>
 <%- include('../build/cover-pack-scripts') %>
-<% } %>
diff --git a/public/views/index/head.ejs b/public/views/index/head.ejs
index a6e79e35c..a6751bbf4 100644
--- a/public/views/index/head.ejs
+++ b/public/views/index/head.ejs
@@ -16,14 +16,4 @@
 <meta property="og:image:type" content="image/png">
 <base href="<%- serverURL %>/">
 <title>HedgeDoc - <%= __('Collaborative markdown notes') %></title>
-<% if(useCDN) { %>
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-social/4.9.0/bootstrap-social.min.css" integrity="sha256-02JtFTurpwBjQJ6q13iJe82/NF0RbZlJroDegK5g87Y=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.4/select2.min.css" integrity="sha256-ijlUKKj3hJCiiT2HWo1kqkI79NTEYpzOsw5Rs3k42dI=" crossorigin="anonymous" />
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.4/select2-bootstrap.min.css" integrity="sha256-NAWFcNIZdH+TS1xpWujF/EB/Y8gwBbEOCoaK/eqaer8=" crossorigin="anonymous" />
-<%- include('../build/cover-header') %>
-<%- include('../shared/polyfill') %>
-<% } else { %>
 <%- include('../build/cover-pack-header') %>
-<% } %>
diff --git a/public/views/pretty.ejs b/public/views/pretty.ejs
index fc222cb8c..97274ba15 100644
--- a/public/views/pretty.ejs
+++ b/public/views/pretty.ejs
@@ -25,17 +25,8 @@
     <base href="<%- serverURL %>/">
     <title><%= title %></title>
     <%- include('includes/favicon.ejs') %>
-  <% if(useCDN) { %>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-    <%- include('build/pretty-header') %>
-    <%- include('shared/polyfill') %>
-  <% } else { %>
     <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
     <%- include('build/pretty-pack-header') %>
-  <% } %>
 </head>
 
 <body style="display:none;">
@@ -80,27 +71,8 @@
 
 </html>
 <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-<% if(useCDN) { %>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.18.1/highlight.min.js" integrity="sha256-eOgo0OtLL4cdq7RdwRUiGKLX9XsIJ7nGhWEKbohmVAQ=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-<%- include('build/pretty-scripts') %>
-<% } else { %>
 <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
 <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
 <%- include('build/pretty-pack-scripts') %>
-<% } %>
 <%- include('shared/ga') %>
diff --git a/public/views/shared/polyfill.ejs b/public/views/shared/polyfill.ejs
deleted file mode 100644
index 82b2f0253..000000000
--- a/public/views/shared/polyfill.ejs
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
-<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-<!--[if lt IE 9]>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" integrity="sha256-3Jy/GbSLrg0o9y5Z5n1uw0qxZECH7C6OQpVBgNFYa0g=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js" integrity="sha256-g6iAfvZp+nDQ2TdTR/VVKJf3bGro4ub5fvWSWVRi2NE=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.9/es5-shim.min.js" integrity="sha256-8E4Is26QH0bD52WoQpcB+R/tcWQtpzlCojrybUd7Mxo=" crossorigin="anonymous"></script>
-<![endif]-->
diff --git a/public/views/slide.ejs b/public/views/slide.ejs
index e08ca0579..5837737ce 100644
--- a/public/views/slide.ejs
+++ b/public/views/slide.ejs
@@ -14,19 +14,9 @@
         <base href="<%- serverURL %>/">
         <title><%= title %></title>
         <%- include('includes/favicon.ejs') %>
-
-        <% if(useCDN) { %>
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.7.0/css/reveal.min.css" integrity="sha256-9+Wg2bcNeiOMGXOUNqBdceY2lAH/eCiTDcdzHhHIl48=" crossorigin="anonymous" />
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-        <%- include('build/slide-header') %>
-        <%- include('shared/polyfill') %>
-        <% } else { %>
         <link rel="stylesheet" href="<%- serverURL %>/build/reveal.js/css/reveal.css">
         <link rel="stylesheet" href='<%- serverURL %>/build/emojify.js/dist/css/basic/emojify.min.css'>
         <%- include('build/slide-pack-header') %>
-        <% } %>
 
         <!-- For reveal.js theme -->
         <% if(typeof theme !== 'undefined' && theme) { %>
@@ -87,29 +77,10 @@
         </div>
 
         <script src="<%= serverURL %>/js/mathjax-config-extra.js"></script>
-        <% if(useCDN) { %>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.9.2/js/reveal.js" integrity="sha512-VMwkG0MdbDSSM3wUzu6Ny450qkGMXTuBJdN1ssTZPTNWBkXxSYuvhW/o6eu7YQ2H1X2X1thKs6xdt8+obhX4Gg==" crossorigin="anonymous"></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js" integrity="sha256-jnOjDTXIPqall8M0MyTSt98JetJuZ7Yu+1Jm7hLTF7U=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/3.7.0/js-yaml.min.js" integrity="sha256-8PanqYAVOGlOct+i65R+HqibK3KPsXINnrSfxN+Y/J0=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/MathJax.js" integrity="sha256-DViIOMYdwlM/axqoGDPeUyf0urLoHMN4QACBKyB58Uw=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/TeX-AMS-MML_HTMLorMML.js" integrity="sha256-h37FgDAy5VfttFY2Jw5jcIQpvTvxY6QxTTwoDwlhg/E=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.9/config/Safe.js" integrity="sha256-y9JZetUlOMMh4hOP7XzJyCxx5xFrN4qSiBRIHfns3Dk=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.17.1/moment-with-locales.min.js" integrity="sha256-vvT7Ok9u6GbfnBPXnbM6FVDEO8E1kTdgHOFZOAXrktA=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/mermaid/8.8.2/mermaid.min.js" integrity="sha256-KqisLh8jVMBRjpNkOhH5W9VWs+F6x6vQksLqxs7+x9A=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/js/emojify.min.js" integrity="sha256-VAB5tAlKBvgaxw8oJ1crWMVbdmBVl4mP/2M8MNRl+4E=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js" integrity="sha256-/BfiIkHlHoVihZdc6TFuj7MmJ0TWcWsMXkeDFwhi0zw=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/1.7.0/viz.js" integrity="sha256-8t+rndrF+TU4JtelmOH1lDHTMe2ovhO2UbzDArp5lY8=" crossorigin="anonymous" defer></script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/abcjs/3.1.1/abcjs_basic-min.js" integrity="sha256-Sq1r2XXWXQoShQKsS0Wrf5r7fRkErd9Fat9vHYeU68s=" crossorigin="anonymous"></script>
-        <%- include('build/slide-scripts') %>
-        <% } else { %>
         <script src="<%- serverURL %>/build/MathJax/MathJax.js" defer></script>
         <script src="<%- serverURL %>/build/MathJax/config/TeX-AMS-MML_HTMLorMML.js" defer></script>
         <script src="<%- serverURL %>/build/MathJax/config/Safe.js" defer></script>
         <%- include('build/slide-pack-scripts') %>
-        <% } %>
     </body>
 </html>
 
diff --git a/test/csp.js b/test/csp.js
index 154120221..02184662c 100644
--- a/test/csp.js
+++ b/test/csp.js
@@ -27,7 +27,6 @@ describe('Content security policies', function () {
         upgradeInsecureRequests: 'auto',
         reportURI: undefined
       },
-      useCDN: true,
       dropbox: {
         appKey: undefined
       }
@@ -44,21 +43,6 @@ describe('Content security policies', function () {
     csp = mock.reRequire('../lib/csp')
   })
 
-  // beginnging Tests
-  it('Disable CDN', function () {
-    const testconfig = defaultConfig
-    testconfig.useCDN = false
-    mock('../lib/config', testconfig)
-    csp = mock.reRequire('../lib/csp')
-
-    assert(!csp.computeDirectives().scriptSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().scriptSrc.includes('https://cdn.mathjax.org'))
-    assert(!csp.computeDirectives().styleSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().styleSrc.includes('https://fonts.googleapis.com'))
-    assert(!csp.computeDirectives().fontSrc.includes('https://cdnjs.cloudflare.com'))
-    assert(!csp.computeDirectives().fontSrc.includes('https://fonts.gstatic.com'))
-  })
-
   it('Disable Google Analytics', function () {
     const testconfig = defaultConfig
     testconfig.csp.addGoogleAnalytics = false
diff --git a/webpack.common.js b/webpack.common.js
index 48b5bf147..70175c39e 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -22,13 +22,6 @@ module.exports = {
       'moment': 'moment',
       CodeMirror: 'codemirror/lib/codemirror.js'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'index-styles', 'index'],
-      filename: path.join(__dirname, 'public/views/build/index-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'index-styles-pack', 'index-styles', 'index'],
@@ -36,12 +29,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['index'],
-      filename: path.join(__dirname, 'public/views/build/index-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'index-pack'],
@@ -49,13 +36,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'cover'],
-      filename: path.join(__dirname, 'public/views/build/cover-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'cover-styles-pack', 'cover'],
@@ -63,12 +43,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['cover'],
-      filename: path.join(__dirname, 'public/views/build/cover-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'cover-pack'],
@@ -76,13 +50,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'pretty-styles', 'pretty'],
-      filename: path.join(__dirname, 'public/views/build/pretty-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'pretty-styles-pack', 'pretty-styles', 'pretty'],
@@ -90,12 +57,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['pretty'],
-      filename: path.join(__dirname, 'public/views/build/pretty-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['common', 'pretty-pack'],
@@ -103,13 +64,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/header.ejs',
-      chunks: ['font', 'slide-styles', 'slide'],
-      filename: path.join(__dirname, 'public/views/build/slide-header.ejs'),
-      inject: false,
-      chunksSortMode: 'manual'
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/header.ejs',
       chunks: ['font-pack', 'slide-styles-pack', 'slide-styles', 'slide'],
@@ -117,12 +71,6 @@ module.exports = {
       inject: false,
       chunksSortMode: 'manual'
     }),
-    new HtmlWebpackPlugin({
-      template: 'public/views/includes/scripts.ejs',
-      chunks: ['slide'],
-      filename: path.join(__dirname, 'public/views/build/slide-scripts.ejs'),
-      inject: false
-    }),
     new HtmlWebpackPlugin({
       template: 'public/views/includes/scripts.ejs',
       chunks: ['slide-pack'],

From 3b0060187294e9d4b64892c735c9ca68d31f6804 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 21 Jun 2021 20:14:29 +0200
Subject: [PATCH 2/5] Inline CSS & JS into HTML export template

Previously, the HTML export template `html.hbs` included CDN links
for the HTML and CSS resources.

This commit enables Webpack to create a new `htmlexport.html` at
build-time, which includes all resources inline.
That template is then used as before by the frontend to be populated
with the rendered note content.

The tradeoff is that each exported .html file is about 5.6 MB in size,
as we need to inline all fonts (icons & emojis).

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/js/extra.js                        | 25 ++++++++++-------------
 public/js/htmlExport.js                   | 21 ++++++++++++++++++-
 public/views/{html.hbs => htmlexport.ejs} | 21 ++-----------------
 webpack.htmlexport.js                     | 20 +++++++++++++++---
 webpack.prod.js                           |  3 +++
 5 files changed, 53 insertions(+), 37 deletions(-)
 rename public/views/{html.hbs => htmlexport.ejs} (71%)

diff --git a/public/js/extra.js b/public/js/extra.js
index 6e3b0ed0e..c72007b6f 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -681,21 +681,18 @@ export function exportToHTML (view) {
   const tocAffix = $('#ui-toc-affix').clone()
   tocAffix.find('*').removeClass('active').find("a[href^='#'][smoothhashscroll]").removeAttr('smoothhashscroll')
   // generate html via template
-  $.get(`${serverurl}/build/html.min.css`, css => {
-    $.get(`${serverurl}/views/html.hbs`, template => {
-      let html = template.replace('{{{url}}}', serverurl)
-      html = html.replace('{{title}}', title)
-      html = html.replace('{{{css}}}', css)
-      html = html.replace('{{{html}}}', src[0].outerHTML)
-      html = html.replace('{{{ui-toc}}}', toc.html())
-      html = html.replace('{{{ui-toc-affix}}}', tocAffix.html())
-      html = html.replace('{{{lang}}}', (md && md.meta && md.meta.lang) ? `lang="${md.meta.lang}"` : '')
-      html = html.replace('{{{dir}}}', (md && md.meta && md.meta.dir) ? `dir="${md.meta.dir}"` : '')
-      const blob = new Blob([html], {
-        type: 'text/html;charset=utf-8'
-      })
-      saveAs(blob, filename, true)
+  $.get(`${serverurl}/build/htmlexport.html`, template => {
+    let html = template.replace('{{{url}}}', serverurl)
+    html = html.replace('{{title}}', title)
+    html = html.replace('{{{html}}}', src[0].outerHTML)
+    html = html.replace('{{{ui-toc}}}', toc.html())
+    html = html.replace('{{{ui-toc-affix}}}', tocAffix.html())
+    html = html.replace('{{{lang}}}', (md && md.meta && md.meta.lang) ? `lang="${md.meta.lang}"` : '')
+    html = html.replace('{{{dir}}}', (md && md.meta && md.meta.dir) ? `dir="${md.meta.dir}"` : '')
+    const blob = new Blob([html], {
+      type: 'text/html;charset=utf-8'
     })
+    saveAs(blob, filename, true)
   })
 }
 
diff --git a/public/js/htmlExport.js b/public/js/htmlExport.js
index 1a873aca0..676e2b1bc 100644
--- a/public/js/htmlExport.js
+++ b/public/js/htmlExport.js
@@ -1,6 +1,25 @@
+require('bootstrap/dist/css/bootstrap.min.css')
+require('fork-awesome/css/fork-awesome.min.css')
+require('ionicons/css/ionicons.min.css')
+require('prismjs/prism')
+require('prismjs/themes/prism.css')
+require('prismjs/components/prism-wiki')
+require('prismjs/components/prism-haskell')
+require('prismjs/components/prism-go')
+require('prismjs/components/prism-typescript')
+require('prismjs/components/prism-jsx')
+require('prismjs/components/prism-makefile')
+require('prismjs/components/prism-gherkin')
+require('highlight.js/styles/github-gist.css')
+require('emojify.js/dist/css/basic/emojify.min.css')
 require('../css/github-extract.css')
 require('../css/markdown.css')
 require('../css/extra.css')
 require('../css/slide-preview.css')
-require('../css/google-font.css')
+require('../css/font.css')
 require('../css/site.css')
+const $ = require('jquery')
+window.jQuery = $
+window.$ = $
+require('bootstrap')
+require('gist-embed/gist-embed.min')
diff --git a/public/views/html.hbs b/public/views/htmlexport.ejs
similarity index 71%
rename from public/views/html.hbs
rename to public/views/htmlexport.ejs
index 7e8268ba3..ee83d8505 100644
--- a/public/views/html.hbs
+++ b/public/views/htmlexport.ejs
@@ -19,22 +19,7 @@
     <link rel="mask-icon" href="{{{url}}}/icons/safari-pinned-tab.svg" color="#b51f08">
     <link rel="shortcut icon" href="{{{url}}}/icons/favicon.ico">
 
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/css/bootstrap.min.css" integrity="sha256-H0KfTigpUV+0/5tn2HXC0CPwhhDhWgSawJdnFd0CGCo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/fork-awesome/1.1.3/css/fork-awesome.min.css" integrity="sha256-ZhApazu+kejqTYhMF+1DzNKjIzP7KXu6AzyXcC1gMus=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css" integrity="sha256-3iu9jgsy9TpTwXKb7bNQzqWekRX7pPK+2OLj3R922fo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism/1.5.1/themes/prism.min.css" integrity="sha256-vtR0hSWRc3Tb26iuN2oZHt3KRUomwTufNIf5/4oeCyg=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github-gist.min.css" integrity="sha256-tAflq+ymku3Khs+I/WcAneIlafYgDiOQ9stIHH985Wo=" crossorigin="anonymous" />
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/css/basic/emojify.min.css" integrity="sha256-UOrvMOsSDSrW6szVLe8ZDZezBxh5IoIfgTwdNDgTjiU=" crossorigin="anonymous" />
-    <style>
-        {{{css}}}
-    </style>
-    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
-    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-    <!--[if lt IE 9]>
-    	<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" integrity="sha256-3Jy/GbSLrg0o9y5Z5n1uw0qxZECH7C6OQpVBgNFYa0g=" crossorigin="anonymous"></script>
-    	<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js" integrity="sha256-g6iAfvZp+nDQ2TdTR/VVKJf3bGro4ub5fvWSWVRi2NE=" crossorigin="anonymous"></script>
-		<script src="https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.9/es5-shim.min.js" integrity="sha256-8E4Is26QH0bD52WoQpcB+R/tcWQtpzlCojrybUd7Mxo=" crossorigin="anonymous"></script>
-    <![endif]-->
+    <% _.forEach(htmlWebpackPlugin.files.css, function(cssFile) { %><style><%= compilation.assets[cssFile.substr(htmlWebpackPlugin.files.publicPath.length)].source() %></style><% }); %>
 </head>
 
 <body translate="no">
@@ -52,9 +37,7 @@
     <div id="ui-toc-affix" class="ui-affix-toc ui-toc-dropdown unselectable hidden-print" data-spy="affix" style="top:17px;display:none;" {{{lang}}} {{{dir}}}>
         {{{ui-toc-affix}}}
     </div>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.0/js/bootstrap.min.js" integrity="sha256-kJrlY+s09+QoWjpkOrXXwhxeaoDz9FW5SaxF8I0DibQ=" crossorigin="anonymous" defer></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/gist-embed/2.6.0/gist-embed.min.js" integrity="sha256-KyF2D6xPIJUW5sUDSs93vWyZm+1RzIpKCexxElmxl8g=" crossorigin="anonymous" defer></script>
+    <% _.forEach(htmlWebpackPlugin.files.js, function(jsFile) { %><script><%= compilation.assets[jsFile.substr(htmlWebpackPlugin.files.publicPath.length)].source() %></script><% }); %>
     <script>
         var markdown = $(".markdown-body");
         //smooth all hash trigger scrolling
diff --git a/webpack.htmlexport.js b/webpack.htmlexport.js
index 2aa2bc4fc..458e1dd13 100644
--- a/webpack.htmlexport.js
+++ b/webpack.htmlexport.js
@@ -1,5 +1,6 @@
 const MiniCssExtractPlugin = require('mini-css-extract-plugin')
 const path = require('path')
+const HtmlWebpackPlugin = require('html-webpack-plugin')
 
 module.exports = {
   name: 'save-as-html',
@@ -10,6 +11,14 @@ module.exports = {
     rules: [{
       test: /\.css$/,
       use: [MiniCssExtractPlugin.loader, 'css-loader']
+    },
+    {
+      test: /\.(woff(2)?|ttf|eot|svg)(\?v=\d+\.\d+\.\d+)?$/,
+      use: [
+        {
+          loader: 'url-loader'
+        }
+      ]
     }]
   },
   output: {
@@ -18,8 +27,13 @@ module.exports = {
     filename: '[name].js'
   },
   plugins: [
-    new MiniCssExtractPlugin({
-      filename: 'html.min.css'
-    })
+    new HtmlWebpackPlugin({
+      // Load a custom template (uses lodash templating)
+      template: 'public/views/htmlexport.ejs',
+      filename: 'htmlexport.html',
+      inject: false,
+      cache: false
+    }),
+    new MiniCssExtractPlugin({ filename: 'htmlexport.css' })
   ]
 }
diff --git a/webpack.prod.js b/webpack.prod.js
index 69d77fb10..17585aa25 100644
--- a/webpack.prod.js
+++ b/webpack.prod.js
@@ -30,6 +30,9 @@ module.exports = [
     mode: 'production',
     optimization: {
       minimizer: [
+        new ESBuildMinifyPlugin({
+          target: 'es2015'
+        }),
         new OptimizeCSSAssetsPlugin({})
       ]
     }

From 515fed3db0a2cdf116f69e209cc35f1fb5f4d108 Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Mon, 21 Jun 2021 20:34:59 +0200
Subject: [PATCH 3/5] Remove unused Google Fonts import

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/css/google-font.css | 1 -
 webpack.common.js          | 1 -
 2 files changed, 2 deletions(-)
 delete mode 100644 public/css/google-font.css

diff --git a/public/css/google-font.css b/public/css/google-font.css
deleted file mode 100644
index 02c1b103e..000000000
--- a/public/css/google-font.css
+++ /dev/null
@@ -1 +0,0 @@
-@import url(https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,400italic,600,600italic,300italic,300|Source+Serif+Pro|Source+Code+Pro:400,300,500&subset=latin,latin-ext);
diff --git a/webpack.common.js b/webpack.common.js
index 70175c39e..98a2bfc16 100644
--- a/webpack.common.js
+++ b/webpack.common.js
@@ -132,7 +132,6 @@ module.exports = {
   ],
 
   entry: {
-    font: path.join(__dirname, 'public/css/google-font.css'),
     'font-pack': path.join(__dirname, 'public/css/font.css'),
     common: [
       'expose-loader?exposes[]=$&exposes[]=jQuery!jquery',

From 4526542944e94632c8d06f44e780760273b17b7a Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 5 Aug 2021 21:32:24 +0200
Subject: [PATCH 4/5] Replace Cloudflare links in exported HTML

Emoji images are now converted to data URLs

Signed-off-by: David Mehren <git@herrmehren.de>
---
 public/js/extra.js | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/public/js/extra.js b/public/js/extra.js
index c72007b6f..b9844d1bb 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -620,6 +620,18 @@ export function removeDOMEvents (view) {
 }
 window.removeDOMEvents = removeDOMEvents
 
+function toDataURL (url, callback) {
+  fetch(url).then(response => {
+    const fr = new FileReader()
+    fr.onload = function () {
+      callback(this.result)
+    }
+    response.blob().then(blob => {
+      fr.readAsDataURL(blob)
+    })
+  })
+}
+
 function generateCleanHTML (view) {
   const src = view.clone()
   const eles = src.find('*')
@@ -634,10 +646,9 @@ function generateCleanHTML (view) {
   src.find('input.task-list-item-checkbox').attr('disabled', '')
   // replace emoji image path
   src.find('img.emoji').each((key, value) => {
-    let name = $(value).attr('alt')
-    name = name.substr(1)
-    name = name.slice(0, name.length - 1)
-    $(value).attr('src', `https://cdnjs.cloudflare.com/ajax/libs/emojify.js/1.1.0/images/basic/${name}.png`)
+    toDataURL($(value).attr('src'), dataURL => {
+      $(value).attr('src', dataURL)
+    })
   })
   // replace video to iframe
   src.find('div[data-videoid]').each((key, value) => {

From 111b908b6197fe3e7c67cd5dd77dea40b61dc9af Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Thu, 5 Aug 2021 22:14:08 +0200
Subject: [PATCH 5/5] Update browser compatibility

We now use fetch, which requires slightly more modern browsers

Signed-off-by: David Mehren <git@herrmehren.de>
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6cd384e67..08d66b493 100644
--- a/README.md
+++ b/README.md
@@ -58,9 +58,9 @@ More info about that can be found in the configuration docs above.
 To use HedgeDoc, your browser should match or exceed these versions:
 
 - ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/chrome/chrome_24x24.png) Chrome >= 47, ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/chrome/chrome_24x24.png) Chrome for Android >= 47
-- ![Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari/safari_24x24.png) Safari >= 9, ![iOS Safarai](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari-ios/safari-ios_24x24.png) iOS Safari >= 8.4
+- ![Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari/safari_24x24.png) Safari >= 10.1, ![iOS Safari](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/safari-ios/safari-ios_24x24.png) iOS Safari >= 10.3
 - ![Firefox](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/firefox/firefox_24x24.png) Firefox >= 44
-- ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/edge/edge_24x24.png) Edge >= 12
+- ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/edge/edge_24x24.png) Edge >= 14
 - ![Opera](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera/opera_24x24.png) Opera >=
   34, ![Opera Mini](https://raw.githubusercontent.com/alrra/browser-logos/HEAD/src/opera-mini/opera-mini_24x24.png)
   Opera Mini not supported