This is a great tool and so far I like it very much!
However, I do have a question / problem...
It seems that this application is reaching out to a thrid party everytime a visitor views a page. It's looking for an svg image hosted on a remote server, that then does not seem to be used anywhere. The site it wants to force our visitors to is: https://clipboardjs.com/assets/images/clippy.svg
We have pretty strict rules about our site forcing it's members to load content from third parties and as such this is a big problem (meaning we can't use the application with that third party call included). We already don't use the third party api's for thumbnails and instead upload our own. That was a big selling point for us (being able to turn off those api's). But the thrid party commuincation for an svg that is not even visable on the site, screams of a third party tracking or some sort of backdoor scheme (even if it's not).
SVG's have been used to deliver ransomwear attacks as well as introduct users to other vulnerabilities. So, this application forcing our members to an unknown third party for an image that seems to not be used seems very questionable.
If the file "clippy.svg" is truely needed, why not just included it locally instead of making the unnessary third party communications? Our servers are faster than there's and looking at speed tests the "clippy.svg" is the longest communication drag anyways.
What file can I edit to remove this, so our site can be free of forcing our users to communicate with third parties that we don't know?