From bd71391bfbd729b892d1d4592d7e574332c29866 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Thu, 9 Nov 2023 17:41:20 +0100
Subject: [PATCH 1/2] Possible fix for #2849 (404 error during sync request)

---
 cps/kobo.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cps/kobo.py b/cps/kobo.py
index 0a968081..f215e5aa 100644
--- a/cps/kobo.py
+++ b/cps/kobo.py
@@ -959,6 +959,7 @@ def HandleUnimplementedRequest(dummy=None):
 @kobo.route("/v1/user/wishlist", methods=["GET", "POST"])
 @kobo.route("/v1/user/recommendations", methods=["GET", "POST"])
 @kobo.route("/v1/analytics/<dummy>", methods=["GET", "POST"])
+@kobo.route("/v1/assets", methods=["GET"])
 def HandleUserRequest(dummy=None):
     log.debug("Unimplemented User Request received: %s (request is forwarded to kobo if configured)", request.base_url)
     return redirect_or_proxy_request()

From f78e0ff938d3371197112d5a17ee8f3688cc0285 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Thu, 9 Nov 2023 17:45:22 +0100
Subject: [PATCH 2/2] Use belach or nh3 for cleaning html (fix for #2874)

---
 cps/editbooks.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
 mode change 100755 => 100644 cps/editbooks.py

diff --git a/cps/editbooks.py b/cps/editbooks.py
old mode 100755
new mode 100644
index b8f6363f..723f72a3
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@@ -29,9 +29,18 @@ from markupsafe import escape, Markup  # dependency of flask
 from functools import wraps
 
 try:
-    from lxml.html.clean import clean_html, Cleaner
+    from bleach import clean_text as clean_html
+    BLEACH = True
 except ImportError:
-    clean_html = None
+    try:
+        from nh3 import clean as clean_html
+        BLEACH = False
+    except ImportError:
+        try:
+            from lxml.html.clean import clean_html
+            BLEACH = False
+        except ImportError:
+            clean_html = None
 
 from flask import Blueprint, request, flash, redirect, url_for, abort, Response
 from flask_babel import gettext as _
@@ -992,7 +1001,10 @@ def edit_book_series_index(series_index, book):
 def edit_book_comments(comments, book):
     modify_date = False
     if comments:
-        comments = clean_html(comments)
+        if BLEACH:
+            comments = clean_html(comments, tags=None, attributes=None)
+        else:
+            comments = clean_html(comments)
     if len(book.comments):
         if book.comments[0].text != comments:
             book.comments[0].text = comments