From 32e27712f0f71fdec646add20cd78b4ce75acfce Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Fri, 27 Aug 2021 09:43:32 +0200
Subject: [PATCH 1/4] Added lxml to needed requirements Improved displaying of
 series title, book of series, comments and custom comments

---
 cps/editbooks.py          | 13 +++++++++----
 cps/jinjia.py             |  7 ++++++-
 cps/templates/detail.html |  3 +--
 cps/templates/index.html  |  2 +-
 cps/ub.py                 |  6 +++---
 optional-requirements.txt |  1 -
 requirements.txt          |  1 +
 7 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/cps/editbooks.py b/cps/editbooks.py
index fbfc4483..afc07513 100644
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@@ -26,15 +26,14 @@ from datetime import datetime
 import json
 from shutil import copyfile
 from uuid import uuid4
+from lxml.html.clean import clean_html
 
 # Improve this to check if scholarly is available in a global way, like other pythonic libraries
-have_scholar = True
 try:
     from scholarly import scholarly
+    have_scholar = True
 except ImportError:
     have_scholar = False
-    pass
-
 
 from babel import Locale as LC
 from babel.core import UnknownLocaleError
@@ -57,6 +56,8 @@ except ImportError:
     pass  # We're not using Python 3
 
 
+
+
 editbook = Blueprint('editbook', __name__)
 log = logger.create()
 
@@ -459,9 +460,11 @@ def edit_book_series_index(series_index, book):
 # Handle book comments/description
 def edit_book_comments(comments, book):
     modif_date = False
+    if comments:
+        comments = clean_html(comments)
     if len(book.comments):
         if book.comments[0].text != comments:
-            book.comments[0].text = comments
+            book.comments[0].text = clean_html(comments)
             modif_date = True
     else:
         if comments:
@@ -515,6 +518,8 @@ def edit_cc_data_value(book_id, book, c, to_save, cc_db_value, cc_string):
         to_save[cc_string] = 1 if to_save[cc_string] == 'True' else 0
     elif c.datatype == 'comments':
         to_save[cc_string] = Markup(to_save[cc_string]).unescape()
+        if to_save[cc_string]:
+            to_save[cc_string] = clean_html(to_save[cc_string])
     elif c.datatype == 'datetime':
         try:
             to_save[cc_string] = datetime.strptime(to_save[cc_string], "%Y-%m-%d")
diff --git a/cps/jinjia.py b/cps/jinjia.py
index 70a6090e..2d18c6f0 100644
--- a/cps/jinjia.py
+++ b/cps/jinjia.py
@@ -28,10 +28,11 @@ import mimetypes
 from uuid import uuid4
 
 from babel.dates import format_date
+from flask_babel import gettext as _
 from flask import Blueprint, request, url_for
 from flask_babel import get_locale
 from flask_login import current_user
-
+from markupsafe import escape
 from . import logger
 
 
@@ -129,6 +130,10 @@ def formatseriesindex_filter(series_index):
             return series_index
     return 0
 
+@jinjia.app_template_filter('escapedlink')
+def escapedlink_filter(url, text):
+    return "<a href='{}'>{}</a>".format(url, escape(text))
+
 @jinjia.app_template_filter('uuidfilter')
 def uuidfilter(var):
     return uuid4()
diff --git a/cps/templates/detail.html b/cps/templates/detail.html
index fe19cb6f..4a3d8f23 100644
--- a/cps/templates/detail.html
+++ b/cps/templates/detail.html
@@ -120,9 +120,8 @@
         </p>
         </div>
       {% endif %}
-
       {% if entry.series|length > 0 %}
-        <p>{{_("Book %(index)s of %(range)s", index=entry.series_index|formatfloat(2), range=("<a href='" + url_for('web.books_list', data='series', sort_param='stored', book_id=entry.series[0].id) + "'>" + entry.series[0].name + "</a>")|safe) }}</p>
+          <p>{{_("Book %(index)s of %(range)s", index=entry.series_index | formatfloat(2), range=(url_for('web.books_list', data='series', sort_param='stored', book_id=entry.series[0].id)|escapedlink(entry.series[0].name))|safe)}}</p>
 
       {% endif %}
 
diff --git a/cps/templates/index.html b/cps/templates/index.html
index b11500e4..dabcd8da 100644
--- a/cps/templates/index.html
+++ b/cps/templates/index.html
@@ -63,7 +63,7 @@
 </div>
 {% endif %}
 <div class="discover load-more">
-  <h2 class="{{title}}">{{_(title)}}</h2>
+  <h2 class="{{title}}">{{title}}</h2>
     <div class="filterheader hidden-xs hidden-sm">
       <a data-toggle="tooltip" title="{{_('Sort according to book date, newest first')}}" id="new" class="btn btn-primary" href="{{url_for('web.books_list', data=page, book_id=id, sort_param='new')}}"><span class="glyphicon glyphicon-book"></span> <span class="glyphicon glyphicon-calendar"></span><span class="glyphicon glyphicon-sort-by-order"></span></a>
       <a data-toggle="tooltip" title="{{_('Sort according to book date, oldest first')}}" id="old" class="btn btn-primary" href="{{url_for('web.books_list', data=page, book_id=id, sort_param='old')}}"><span class="glyphicon glyphicon-book"></span> <span class="glyphicon glyphicon-calendar"></span><span class="glyphicon glyphicon-sort-by-order-alt"></span></a>
diff --git a/cps/ub.py b/cps/ub.py
index 8750b405..63265f7f 100644
--- a/cps/ub.py
+++ b/cps/ub.py
@@ -73,9 +73,9 @@ def store_user_session():
                 user_session = User_Sessions(flask_session.get('_user_id', ""), flask_session.get('_id', ""))
                 session.add(user_session)
                 session.commit()
-                log.info("Login and store session : " + flask_session.get('_id', ""))
+                log.debug("Login and store session : " + flask_session.get('_id', ""))
             else:
-                log.info("Found stored session : " + flask_session.get('_id', ""))
+                log.debug("Found stored session: " + flask_session.get('_id', ""))
         except (exc.OperationalError, exc.InvalidRequestError) as e:
             session.rollback()
             log.exception(e)
@@ -84,7 +84,7 @@ def store_user_session():
 
 def delete_user_session(user_id, session_key):
     try:
-        log.info("Deleted session_key : " + session_key)
+        log.debug("Deleted session_key: " + session_key)
         session.query(User_Sessions).filter(User_Sessions.user_id==user_id,
                                             User_Sessions.session_key==session_key).delete()
         session.commit()
diff --git a/optional-requirements.txt b/optional-requirements.txt
index 1fa84d50..af068a51 100644
--- a/optional-requirements.txt
+++ b/optional-requirements.txt
@@ -30,7 +30,6 @@ Flask-Dance>=2.0.0,<5.1.0
 SQLAlchemy-Utils>=0.33.5,<0.38.0
 
 # extracting metadata
-lxml>=3.8.0,<4.7.0
 rarfile>=2.7
 scholarly>=1.2.0, <1.3
 
diff --git a/requirements.txt b/requirements.txt
index b29d3b99..e7f67593 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,3 +12,4 @@ SQLAlchemy>=1.3.0,<1.5.0
 tornado>=4.1,<6.2
 Wand>=0.4.4,<0.7.0
 unidecode>=0.04.19,<1.3.0
+lxml>=3.8.0,<4.7.0

From e615073893686e3dc3f3426367cdaf1df3abd78b Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Fri, 27 Aug 2021 12:56:08 +0200
Subject: [PATCH 2/4] Add all html special characters to the escaped characters
 in bootstrap table

---
 .../js/libs/bootstrap-table/bootstrap-table-editable.min.js     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cps/static/js/libs/bootstrap-table/bootstrap-table-editable.min.js b/cps/static/js/libs/bootstrap-table/bootstrap-table-editable.min.js
index 16061ebd..a154f702 100644
--- a/cps/static/js/libs/bootstrap-table/bootstrap-table-editable.min.js
+++ b/cps/static/js/libs/bootstrap-table/bootstrap-table-editable.min.js
@@ -7,4 +7,4 @@
   * @license MIT
   */
 
-!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(require("jquery")):"function"==typeof define&&define.amd?define(["jquery"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).jQuery)}(this,(function(t){"use strict";function e(t){return t&&"object"==typeof t&&"default"in t?t:{default:t}}var n=e(t);function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function o(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function i(t){return(i=Object.setPrototypeOf?Object.getPrototypeOf:function(t){return t.__proto__||Object.getPrototypeOf(t)})(t)}function a(t,e){return(a=Object.setPrototypeOf||function(t,e){return t.__proto__=e,t})(t,e)}function u(t,e){return!e||"object"!=typeof e&&"function"!=typeof e?function(t){if(void 0===t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return t}(t):e}function c(t){var e=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(t){return!1}}();return function(){var n,r=i(t);if(e){var o=i(this).constructor;n=Reflect.construct(r,arguments,o)}else n=r.apply(this,arguments);return u(this,n)}}function f(t,e,n){return(f="undefined"!=typeof Reflect&&Reflect.get?Reflect.get:function(t,e,n){var r=function(t,e){for(;!Object.prototype.hasOwnProperty.call(t,e)&&null!==(t=i(t)););return t}(t,e);if(r){var o=Object.getOwnPropertyDescriptor(r,e);return o.get?o.get.call(n):o.value}})(t,e,n||t)}function l(t,e){return function(t){if(Array.isArray(t))return t}(t)||function(t,e){if("undefined"==typeof Symbol||!(Symbol.iterator in Object(t)))return;var n=[],r=!0,o=!1,i=void 0;try{for(var a,u=t[Symbol.iterator]();!(r=(a=u.next()).done)&&(n.push(a.value),!e||n.length!==e);r=!0);}catch(t){o=!0,i=t}finally{try{r||null==u.return||u.return()}finally{if(o)throw i}}return n}(t,e)||s(t,e)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function s(t,e){if(t){if("string"==typeof t)return d(t,e);var n=Object.prototype.toString.call(t).slice(8,-1);return"Object"===n&&t.constructor&&(n=t.constructor.name),"Map"===n||"Set"===n?Array.from(t):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?d(t,e):void 0}}function d(t,e){(null==e||e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}var p="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function v(t,e){return t(e={exports:{}},e.exports),e.exports}var h=function(t){return t&&t.Math==Math&&t},y=h("object"==typeof globalThis&&globalThis)||h("object"==typeof window&&window)||h("object"==typeof self&&self)||h("object"==typeof p&&p)||function(){return this}()||Function("return this")(),b=function(t){try{return!!t()}catch(t){return!0}},g=!b((function(){return 7!=Object.defineProperty({},1,{get:function(){return 7}})[1]})),m={}.propertyIsEnumerable,x=Object.getOwnPropertyDescriptor,E={f:x&&!m.call({1:2},1)?function(t){var e=x(this,t);return!!e&&e.enumerable}:m},w=function(t,e){return{enumerable:!(1&t),configurable:!(2&t),writable:!(4&t),value:e}},O={}.toString,S=function(t){return O.call(t).slice(8,-1)},j="".split,T=b((function(){return!Object("z").propertyIsEnumerable(0)}))?function(t){return"String"==S(t)?j.call(t,""):Object(t)}:Object,A=function(t){if(null==t)throw TypeError("Can't call method on "+t);return t},I=function(t){return T(A(t))},P=function(t){return"object"==typeof t?null!==t:"function"==typeof t},R=function(t,e){if(!P(t))return t;var n,r;if(e&&"function"==typeof(n=t.toString)&&!P(r=n.call(t)))return r;if("function"==typeof(n=t.valueOf)&&!P(r=n.call(t)))return r;if(!e&&"function"==typeof(n=t.toString)&&!P(r=n.call(t)))return r;throw TypeError("Can't convert object to primitive value")},_={}.hasOwnProperty,C=function(t,e){return _.call(t,e)},k=y.document,D=P(k)&&P(k.createElement),F=function(t){return D?k.createElement(t):{}},M=!g&&!b((function(){return 7!=Object.defineProperty(F("div"),"a",{get:function(){return 7}}).a})),$=Object.getOwnPropertyDescriptor,U={f:g?$:function(t,e){if(t=I(t),e=R(e,!0),M)try{return $(t,e)}catch(t){}if(C(t,e))return w(!E.f.call(t,e),t[e])}},N=function(t){if(!P(t))throw TypeError(String(t)+" is not an object");return t},B=Object.defineProperty,L={f:g?B:function(t,e,n){if(N(t),e=R(e,!0),N(n),M)try{return B(t,e,n)}catch(t){}if("get"in n||"set"in n)throw TypeError("Accessors not supported");return"value"in n&&(t[e]=n.value),t}},q=g?function(t,e,n){return L.f(t,e,w(1,n))}:function(t,e,n){return t[e]=n,t},V=function(t,e){try{q(y,t,e)}catch(n){y[t]=e}return e},K="__core-js_shared__",G=y[K]||V(K,{}),H=Function.toString;"function"!=typeof G.inspectSource&&(G.inspectSource=function(t){return H.call(t)});var W,z,X,Y=G.inspectSource,Q=y.WeakMap,Z="function"==typeof Q&&/native code/.test(Y(Q)),J=v((function(t){(t.exports=function(t,e){return G[t]||(G[t]=void 0!==e?e:{})})("versions",[]).push({version:"3.9.1",mode:"global",copyright:"© 2021 Denis Pushkarev (zloirock.ru)"})})),tt=0,et=Math.random(),nt=function(t){return"Symbol("+String(void 0===t?"":t)+")_"+(++tt+et).toString(36)},rt=J("keys"),ot=function(t){return rt[t]||(rt[t]=nt(t))},it={},at=y.WeakMap;if(Z){var ut=G.state||(G.state=new at),ct=ut.get,ft=ut.has,lt=ut.set;W=function(t,e){return e.facade=t,lt.call(ut,t,e),e},z=function(t){return ct.call(ut,t)||{}},X=function(t){return ft.call(ut,t)}}else{var st=ot("state");it[st]=!0,W=function(t,e){return e.facade=t,q(t,st,e),e},z=function(t){return C(t,st)?t[st]:{}},X=function(t){return C(t,st)}}var dt={set:W,get:z,has:X,enforce:function(t){return X(t)?z(t):W(t,{})},getterFor:function(t){return function(e){var n;if(!P(e)||(n=z(e)).type!==t)throw TypeError("Incompatible receiver, "+t+" required");return n}}},pt=v((function(t){var e=dt.get,n=dt.enforce,r=String(String).split("String");(t.exports=function(t,e,o,i){var a,u=!!i&&!!i.unsafe,c=!!i&&!!i.enumerable,f=!!i&&!!i.noTargetGet;"function"==typeof o&&("string"!=typeof e||C(o,"name")||q(o,"name",e),(a=n(o)).source||(a.source=r.join("string"==typeof e?e:""))),t!==y?(u?!f&&t[e]&&(c=!0):delete t[e],c?t[e]=o:q(t,e,o)):c?t[e]=o:V(e,o)})(Function.prototype,"toString",(function(){return"function"==typeof this&&e(this).source||Y(this)}))})),vt=y,ht=function(t){return"function"==typeof t?t:void 0},yt=function(t,e){return arguments.length<2?ht(vt[t])||ht(y[t]):vt[t]&&vt[t][e]||y[t]&&y[t][e]},bt=Math.ceil,gt=Math.floor,mt=function(t){return isNaN(t=+t)?0:(t>0?gt:bt)(t)},xt=Math.min,Et=function(t){return t>0?xt(mt(t),9007199254740991):0},wt=Math.max,Ot=Math.min,St=function(t){return function(e,n,r){var o,i=I(e),a=Et(i.length),u=function(t,e){var n=mt(t);return n<0?wt(n+e,0):Ot(n,e)}(r,a);if(t&&n!=n){for(;a>u;)if((o=i[u++])!=o)return!0}else for(;a>u;u++)if((t||u in i)&&i[u]===n)return t||u||0;return!t&&-1}},jt={includes:St(!0),indexOf:St(!1)},Tt=jt.indexOf,At=function(t,e){var n,r=I(t),o=0,i=[];for(n in r)!C(it,n)&&C(r,n)&&i.push(n);for(;e.length>o;)C(r,n=e[o++])&&(~Tt(i,n)||i.push(n));return i},It=["constructor","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","toLocaleString","toString","valueOf"],Pt=It.concat("length","prototype"),Rt={f:Object.getOwnPropertyNames||function(t){return At(t,Pt)}},_t={f:Object.getOwnPropertySymbols},Ct=yt("Reflect","ownKeys")||function(t){var e=Rt.f(N(t)),n=_t.f;return n?e.concat(n(t)):e},kt=function(t,e){for(var n=Ct(e),r=L.f,o=U.f,i=0;i<n.length;i++){var a=n[i];C(t,a)||r(t,a,o(e,a))}},Dt=/#|\.prototype\./,Ft=function(t,e){var n=$t[Mt(t)];return n==Nt||n!=Ut&&("function"==typeof e?b(e):!!e)},Mt=Ft.normalize=function(t){return String(t).replace(Dt,".").toLowerCase()},$t=Ft.data={},Ut=Ft.NATIVE="N",Nt=Ft.POLYFILL="P",Bt=Ft,Lt=U.f,qt=function(t,e){var n,r,o,i,a,u=t.target,c=t.global,f=t.stat;if(n=c?y:f?y[u]||V(u,{}):(y[u]||{}).prototype)for(r in e){if(i=e[r],o=t.noTargetGet?(a=Lt(n,r))&&a.value:n[r],!Bt(c?r:u+(f?".":"#")+r,t.forced)&&void 0!==o){if(typeof i==typeof o)continue;kt(i,o)}(t.sham||o&&o.sham)&&q(i,"sham",!0),pt(n,r,i,t)}},Vt=function(){var t=N(this),e="";return t.global&&(e+="g"),t.ignoreCase&&(e+="i"),t.multiline&&(e+="m"),t.dotAll&&(e+="s"),t.unicode&&(e+="u"),t.sticky&&(e+="y"),e};function Kt(t,e){return RegExp(t,e)}var Gt,Ht,Wt={UNSUPPORTED_Y:b((function(){var t=Kt("a","y");return t.lastIndex=2,null!=t.exec("abcd")})),BROKEN_CARET:b((function(){var t=Kt("^r","gy");return t.lastIndex=2,null!=t.exec("str")}))},zt=RegExp.prototype.exec,Xt=String.prototype.replace,Yt=zt,Qt=(Gt=/a/,Ht=/b*/g,zt.call(Gt,"a"),zt.call(Ht,"a"),0!==Gt.lastIndex||0!==Ht.lastIndex),Zt=Wt.UNSUPPORTED_Y||Wt.BROKEN_CARET,Jt=void 0!==/()??/.exec("")[1];(Qt||Jt||Zt)&&(Yt=function(t){var e,n,r,o,i=this,a=Zt&&i.sticky,u=Vt.call(i),c=i.source,f=0,l=t;return a&&(-1===(u=u.replace("y","")).indexOf("g")&&(u+="g"),l=String(t).slice(i.lastIndex),i.lastIndex>0&&(!i.multiline||i.multiline&&"\n"!==t[i.lastIndex-1])&&(c="(?: "+c+")",l=" "+l,f++),n=new RegExp("^(?:"+c+")",u)),Jt&&(n=new RegExp("^"+c+"$(?!\\s)",u)),Qt&&(e=i.lastIndex),r=zt.call(a?n:i,l),a?r?(r.input=r.input.slice(f),r[0]=r[0].slice(f),r.index=i.lastIndex,i.lastIndex+=r[0].length):i.lastIndex=0:Qt&&r&&(i.lastIndex=i.global?r.index+r[0].length:e),Jt&&r&&r.length>1&&Xt.call(r[0],n,(function(){for(o=1;o<arguments.length-2;o++)void 0===arguments[o]&&(r[o]=void 0)})),r});var te=Yt;qt({target:"RegExp",proto:!0,forced:/./.exec!==te},{exec:te});var ee,ne,re="process"==S(y.process),oe=yt("navigator","userAgent")||"",ie=y.process,ae=ie&&ie.versions,ue=ae&&ae.v8;ue?ne=(ee=ue.split("."))[0]+ee[1]:oe&&(!(ee=oe.match(/Edge\/(\d+)/))||ee[1]>=74)&&(ee=oe.match(/Chrome\/(\d+)/))&&(ne=ee[1]);var ce=ne&&+ne,fe=!!Object.getOwnPropertySymbols&&!b((function(){return!Symbol.sham&&(re?38===ce:ce>37&&ce<41)})),le=fe&&!Symbol.sham&&"symbol"==typeof Symbol.iterator,se=J("wks"),de=y.Symbol,pe=le?de:de&&de.withoutSetter||nt,ve=function(t){return C(se,t)&&(fe||"string"==typeof se[t])||(fe&&C(de,t)?se[t]=de[t]:se[t]=pe("Symbol."+t)),se[t]},he=ve("species"),ye=!b((function(){var t=/./;return t.exec=function(){var t=[];return t.groups={a:"7"},t},"7"!=="".replace(t,"$<a>")})),be="$0"==="a".replace(/./,"$0"),ge=ve("replace"),me=!!/./[ge]&&""===/./[ge]("a","$0"),xe=!b((function(){var t=/(?:)/,e=t.exec;t.exec=function(){return e.apply(this,arguments)};var n="ab".split(t);return 2!==n.length||"a"!==n[0]||"b"!==n[1]})),Ee=function(t){return function(e,n){var r,o,i=String(A(e)),a=mt(n),u=i.length;return a<0||a>=u?t?"":void 0:(r=i.charCodeAt(a))<55296||r>56319||a+1===u||(o=i.charCodeAt(a+1))<56320||o>57343?t?i.charAt(a):r:t?i.slice(a,a+2):o-56320+(r-55296<<10)+65536}},we={codeAt:Ee(!1),charAt:Ee(!0)}.charAt,Oe=function(t,e,n){return e+(n?we(t,e).length:1)},Se=function(t){return Object(A(t))},je=Math.floor,Te="".replace,Ae=/\$([$&'`]|\d{1,2}|<[^>]*>)/g,Ie=/\$([$&'`]|\d{1,2})/g,Pe=function(t,e,n,r,o,i){var a=n+t.length,u=r.length,c=Ie;return void 0!==o&&(o=Se(o),c=Ae),Te.call(i,c,(function(i,c){var f;switch(c.charAt(0)){case"$":return"$";case"&":return t;case"`":return e.slice(0,n);case"'":return e.slice(a);case"<":f=o[c.slice(1,-1)];break;default:var l=+c;if(0===l)return i;if(l>u){var s=je(l/10);return 0===s?i:s<=u?void 0===r[s-1]?c.charAt(1):r[s-1]+c.charAt(1):i}f=r[l-1]}return void 0===f?"":f}))},Re=function(t,e){var n=t.exec;if("function"==typeof n){var r=n.call(t,e);if("object"!=typeof r)throw TypeError("RegExp exec method returned something other than an Object or null");return r}if("RegExp"!==S(t))throw TypeError("RegExp#exec called on incompatible receiver");return te.call(t,e)},_e=Math.max,Ce=Math.min;!function(t,e,n,r){var o=ve(t),i=!b((function(){var e={};return e[o]=function(){return 7},7!=""[t](e)})),a=i&&!b((function(){var e=!1,n=/a/;return"split"===t&&((n={}).constructor={},n.constructor[he]=function(){return n},n.flags="",n[o]=/./[o]),n.exec=function(){return e=!0,null},n[o](""),!e}));if(!i||!a||"replace"===t&&(!ye||!be||me)||"split"===t&&!xe){var u=/./[o],c=n(o,""[t],(function(t,e,n,r,o){return e.exec===te?i&&!o?{done:!0,value:u.call(e,n,r)}:{done:!0,value:t.call(n,e,r)}:{done:!1}}),{REPLACE_KEEPS_$0:be,REGEXP_REPLACE_SUBSTITUTES_UNDEFINED_CAPTURE:me}),f=c[0],l=c[1];pt(String.prototype,t,f),pt(RegExp.prototype,o,2==e?function(t,e){return l.call(t,this,e)}:function(t){return l.call(t,this)})}r&&q(RegExp.prototype[o],"sham",!0)}("replace",2,(function(t,e,n,r){var o=r.REGEXP_REPLACE_SUBSTITUTES_UNDEFINED_CAPTURE,i=r.REPLACE_KEEPS_$0,a=o?"$":"$0";return[function(n,r){var o=A(this),i=null==n?void 0:n[t];return void 0!==i?i.call(n,o,r):e.call(String(o),n,r)},function(t,r){if(!o&&i||"string"==typeof r&&-1===r.indexOf(a)){var u=n(e,t,this,r);if(u.done)return u.value}var c=N(t),f=String(this),l="function"==typeof r;l||(r=String(r));var s=c.global;if(s){var d=c.unicode;c.lastIndex=0}for(var p=[];;){var v=Re(c,f);if(null===v)break;if(p.push(v),!s)break;""===String(v[0])&&(c.lastIndex=Oe(f,Et(c.lastIndex),d))}for(var h,y="",b=0,g=0;g<p.length;g++){v=p[g];for(var m=String(v[0]),x=_e(Ce(mt(v.index),f.length),0),E=[],w=1;w<v.length;w++)E.push(void 0===(h=v[w])?h:String(h));var O=v.groups;if(l){var S=[m].concat(E,x,f);void 0!==O&&S.push(O);var j=String(r.apply(void 0,S))}else j=Pe(m,f,x,E,O,r);x>=b&&(y+=f.slice(b,x)+j,b=x+m.length)}return y+f.slice(b)}]}));var ke=function(t,e){var n=[][t];return!!n&&b((function(){n.call(null,e||function(){throw 1},1)}))},De=jt.indexOf,Fe=[].indexOf,Me=!!Fe&&1/[1].indexOf(1,-0)<0,$e=ke("indexOf");qt({target:"Array",proto:!0,forced:Me||!$e},{indexOf:function(t){return Me?Fe.apply(this,arguments)||0:De(this,t,arguments.length>1?arguments[1]:void 0)}});var Ue,Ne=Array.isArray||function(t){return"Array"==S(t)},Be=function(t,e,n){var r=R(e);r in t?L.f(t,r,w(0,n)):t[r]=n},Le=ve("species"),qe=function(t,e){var n;return Ne(t)&&("function"!=typeof(n=t.constructor)||n!==Array&&!Ne(n.prototype)?P(n)&&null===(n=n[Le])&&(n=void 0):n=void 0),new(void 0===n?Array:n)(0===e?0:e)},Ve=ve("species"),Ke=ve("isConcatSpreadable"),Ge=9007199254740991,He="Maximum allowed index exceeded",We=ce>=51||!b((function(){var t=[];return t[Ke]=!1,t.concat()[0]!==t})),ze=(Ue="concat",ce>=51||!b((function(){var t=[];return(t.constructor={})[Ve]=function(){return{foo:1}},1!==t[Ue](Boolean).foo}))),Xe=function(t){if(!P(t))return!1;var e=t[Ke];return void 0!==e?!!e:Ne(t)};qt({target:"Array",proto:!0,forced:!We||!ze},{concat:function(t){var e,n,r,o,i,a=Se(this),u=qe(a,0),c=0;for(e=-1,r=arguments.length;e<r;e++)if(Xe(i=-1===e?a:arguments[e])){if(c+(o=Et(i.length))>Ge)throw TypeError(He);for(n=0;n<o;n++,c++)n in i&&Be(u,c,i[n])}else{if(c>=Ge)throw TypeError(He);Be(u,c++,i)}return u.length=c,u}});var Ye=[].join,Qe=T!=Object,Ze=ke("join",",");qt({target:"Array",proto:!0,forced:Qe||!Ze},{join:function(t){return Ye.call(I(this),void 0===t?",":t)}});var Je,tn=function(t,e,n){if(function(t){if("function"!=typeof t)throw TypeError(String(t)+" is not a function")}(t),void 0===e)return t;switch(n){case 0:return function(){return t.call(e)};case 1:return function(n){return t.call(e,n)};case 2:return function(n,r){return t.call(e,n,r)};case 3:return function(n,r,o){return t.call(e,n,r,o)}}return function(){return t.apply(e,arguments)}},en=[].push,nn=function(t){var e=1==t,n=2==t,r=3==t,o=4==t,i=6==t,a=7==t,u=5==t||i;return function(c,f,l,s){for(var d,p,v=Se(c),h=T(v),y=tn(f,l,3),b=Et(h.length),g=0,m=s||qe,x=e?m(c,b):n||a?m(c,0):void 0;b>g;g++)if((u||g in h)&&(p=y(d=h[g],g,v),t))if(e)x[g]=p;else if(p)switch(t){case 3:return!0;case 5:return d;case 6:return g;case 2:en.call(x,d)}else switch(t){case 4:return!1;case 7:en.call(x,d)}return i?-1:r||o?o:x}},rn={forEach:nn(0),map:nn(1),filter:nn(2),some:nn(3),every:nn(4),find:nn(5),findIndex:nn(6),filterOut:nn(7)},on=Object.keys||function(t){return At(t,It)},an=g?Object.defineProperties:function(t,e){N(t);for(var n,r=on(e),o=r.length,i=0;o>i;)L.f(t,n=r[i++],e[n]);return t},un=yt("document","documentElement"),cn=ot("IE_PROTO"),fn=function(){},ln=function(t){return"<script>"+t+"</"+"script>"},sn=function(){try{Je=document.domain&&new ActiveXObject("htmlfile")}catch(t){}var t,e;sn=Je?function(t){t.write(ln("")),t.close();var e=t.parentWindow.Object;return t=null,e}(Je):((e=F("iframe")).style.display="none",un.appendChild(e),e.src=String("javascript:"),(t=e.contentWindow.document).open(),t.write(ln("document.F=Object")),t.close(),t.F);for(var n=It.length;n--;)delete sn.prototype[It[n]];return sn()};it[cn]=!0;var dn=Object.create||function(t,e){var n;return null!==t?(fn.prototype=N(t),n=new fn,fn.prototype=null,n[cn]=t):n=sn(),void 0===e?n:an(n,e)},pn=ve("unscopables"),vn=Array.prototype;null==vn[pn]&&L.f(vn,pn,{configurable:!0,value:dn(null)});var hn,yn=rn.find,bn="find",gn=!0;bn in[]&&Array(1).find((function(){gn=!1})),qt({target:"Array",proto:!0,forced:gn},{find:function(t){return yn(this,t,arguments.length>1?arguments[1]:void 0)}}),hn=bn,vn[pn][hn]=!0;var mn=E.f,xn=function(t){return function(e){for(var n,r=I(e),o=on(r),i=o.length,a=0,u=[];i>a;)n=o[a++],g&&!mn.call(r,n)||u.push(t?[n,r[n]]:r[n]);return u}},En={entries:xn(!0),values:xn(!1)}.entries;qt({target:"Object",stat:!0},{entries:function(t){return En(t)}});var wn=n.default.fn.bootstrapTable.utils;n.default.extend(n.default.fn.bootstrapTable.defaults,{editable:!0,onEditableInit:function(){return!1},onEditableSave:function(t,e,n,r,o){return!1},onEditableShown:function(t,e,n,r){return!1},onEditableHidden:function(t,e,n,r){return!1}}),n.default.extend(n.default.fn.bootstrapTable.columnDefaults,{alwaysUseFormatter:!1}),n.default.extend(n.default.fn.bootstrapTable.Constructor.EVENTS,{"editable-init.bs.table":"onEditableInit","editable-save.bs.table":"onEditableSave","editable-shown.bs.table":"onEditableShown","editable-hidden.bs.table":"onEditableHidden"}),n.default.BootstrapTable=function(t){!function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function");t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,writable:!0,configurable:!0}}),e&&a(t,e)}(v,t);var e,u,d,p=c(v);function v(){return r(this,v),p.apply(this,arguments)}return e=v,(u=[{key:"initTable",value:function(){var t=this;f(i(v.prototype),"initTable",this).call(this),this.options.editable&&(this.editedCells=[],n.default.each(this.columns,(function(e,r){if(r.editable){var o={},i=[],a="editable-",u=function(t,e){var n=t.replace(/([A-Z])/g,(function(t){return"-".concat(t.toLowerCase())}));0===n.indexOf(a)&&(o[n.replace(a,"data-")]=e)};n.default.each(t.options,u),r.formatter=r.formatter||function(t){return t},r._formatter=r._formatter?r._formatter:r.formatter,r.formatter=function(e,a,c){var f=wn.calculateObjectValue(r,r._formatter,[e,a,c],e);if(f=null==f?t.options.undefinedText:f,void 0!==t.options.uniqueId&&!r.alwaysUseFormatter){var l=wn.getItemField(a,t.options.uniqueId,!1);-1!==n.default.inArray(r.field+l,t.editedCells)&&(f=e)}n.default.each(r,u),n.default.each(o,(function(t,e){i.push(" ".concat(t,'="').concat(e,'"'))}));var s=!1,d=wn.calculateObjectValue(r,r.editable,[c,a],{});if(typeof f==='string'){f=f.replace('\"',"&quot;");}return d.hasOwnProperty("noEditFormatter")&&(s=d.noEditFormatter(e,a,c)),!1===s?'<a href="javascript:void(0)"\n            data-name="'.concat(r.field,'"\n            data-pk="').concat(a[t.options.idField],'"\n            data-value="').concat(f,'"\n            ').concat(i.join(""),"></a>"):s}}})))}},{key:"initBody",value:function(t){var e=this;f(i(v.prototype),"initBody",this).call(this,t),this.options.editable&&(n.default.each(this.columns,(function(t,r){if(r.editable){var o=e.getData({escape:!0}),i=e.$body.find('a[data-name="'.concat(r.field,'"]'));i.each((function(t,e){var i=n.default(e),a=i.closest("tr").data("index"),u=o[a],c=wn.calculateObjectValue(r,r.editable,[a,u,i],{});i.editable(c)})),i.off("save").on("save",(function(t,o){var i=t.currentTarget,a=o.newValue,u=n.default(i),c=e.getData(),f=u.parents("tr[data-index]").data("index"),l=c[f],s=l[r.field];if(void 0!==e.options.uniqueId&&!r.alwaysUseFormatter){var d=wn.getItemField(l,e.options.uniqueId,!1);-1===n.default.inArray(r.field+d,e.editedCells)&&e.editedCells.push(r.field+d)}a=wn.escapeHTML(a),u.data("value",a),l[r.field]=a,e.trigger("editable-save",r.field,l,f,s,u),e.initBody()})),i.off("shown").on("shown",(function(t,o){var i=t.currentTarget,a=n.default(i),u=e.getData()[a.parents("tr[data-index]").data("index")];e.trigger("editable-shown",r.field,u,a,o)})),i.off("hidden").on("hidden",(function(t,o){var i=t.currentTarget,a=n.default(i),u=e.getData()[a.parents("tr[data-index]").data("index")];e.trigger("editable-hidden",r.field,u,a,o)}))}})),this.trigger("editable-init"))}},{key:"getData",value:function(t){var e=f(i(v.prototype),"getData",this).call(this,t);if(t&&t.escape){var n,r=function(t,e){var n;if("undefined"==typeof Symbol||null==t[Symbol.iterator]){if(Array.isArray(t)||(n=s(t))||e&&t&&"number"==typeof t.length){n&&(t=n);var r=0,o=function(){};return{s:o,n:function(){return r>=t.length?{done:!0}:{done:!1,value:t[r++]}},e:function(t){throw t},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,u=!1;return{s:function(){n=t[Symbol.iterator]()},n:function(){var t=n.next();return a=t.done,t},e:function(t){u=!0,i=t},f:function(){try{a||null==n.return||n.return()}finally{if(u)throw i}}}}(e);try{for(r.s();!(n=r.n()).done;)for(var o=n.value,a=0,u=Object.entries(o);a<u.length;a++){var c=l(u[a],2),d=c[0],p=c[1];o[d]=wn.unescapeHTML(p)}}catch(t){r.e(t)}finally{r.f()}}return e}}])&&o(e.prototype,u),d&&o(e,d),v}(n.default.BootstrapTable)}));
+!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(require("jquery")):"function"==typeof define&&define.amd?define(["jquery"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).jQuery)}(this,(function(t){"use strict";function e(t){return t&&"object"==typeof t&&"default"in t?t:{default:t}}var n=e(t);function r(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function o(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function i(t){return(i=Object.setPrototypeOf?Object.getPrototypeOf:function(t){return t.__proto__||Object.getPrototypeOf(t)})(t)}function a(t,e){return(a=Object.setPrototypeOf||function(t,e){return t.__proto__=e,t})(t,e)}function u(t,e){return!e||"object"!=typeof e&&"function"!=typeof e?function(t){if(void 0===t)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return t}(t):e}function c(t){var e=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],(function(){}))),!0}catch(t){return!1}}();return function(){var n,r=i(t);if(e){var o=i(this).constructor;n=Reflect.construct(r,arguments,o)}else n=r.apply(this,arguments);return u(this,n)}}function f(t,e,n){return(f="undefined"!=typeof Reflect&&Reflect.get?Reflect.get:function(t,e,n){var r=function(t,e){for(;!Object.prototype.hasOwnProperty.call(t,e)&&null!==(t=i(t)););return t}(t,e);if(r){var o=Object.getOwnPropertyDescriptor(r,e);return o.get?o.get.call(n):o.value}})(t,e,n||t)}function l(t,e){return function(t){if(Array.isArray(t))return t}(t)||function(t,e){if("undefined"==typeof Symbol||!(Symbol.iterator in Object(t)))return;var n=[],r=!0,o=!1,i=void 0;try{for(var a,u=t[Symbol.iterator]();!(r=(a=u.next()).done)&&(n.push(a.value),!e||n.length!==e);r=!0);}catch(t){o=!0,i=t}finally{try{r||null==u.return||u.return()}finally{if(o)throw i}}return n}(t,e)||s(t,e)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function s(t,e){if(t){if("string"==typeof t)return d(t,e);var n=Object.prototype.toString.call(t).slice(8,-1);return"Object"===n&&t.constructor&&(n=t.constructor.name),"Map"===n||"Set"===n?Array.from(t):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?d(t,e):void 0}}function d(t,e){(null==e||e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}var p="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function v(t,e){return t(e={exports:{}},e.exports),e.exports}var h=function(t){return t&&t.Math==Math&&t},y=h("object"==typeof globalThis&&globalThis)||h("object"==typeof window&&window)||h("object"==typeof self&&self)||h("object"==typeof p&&p)||function(){return this}()||Function("return this")(),b=function(t){try{return!!t()}catch(t){return!0}},g=!b((function(){return 7!=Object.defineProperty({},1,{get:function(){return 7}})[1]})),m={}.propertyIsEnumerable,x=Object.getOwnPropertyDescriptor,E={f:x&&!m.call({1:2},1)?function(t){var e=x(this,t);return!!e&&e.enumerable}:m},w=function(t,e){return{enumerable:!(1&t),configurable:!(2&t),writable:!(4&t),value:e}},O={}.toString,S=function(t){return O.call(t).slice(8,-1)},j="".split,T=b((function(){return!Object("z").propertyIsEnumerable(0)}))?function(t){return"String"==S(t)?j.call(t,""):Object(t)}:Object,A=function(t){if(null==t)throw TypeError("Can't call method on "+t);return t},I=function(t){return T(A(t))},P=function(t){return"object"==typeof t?null!==t:"function"==typeof t},R=function(t,e){if(!P(t))return t;var n,r;if(e&&"function"==typeof(n=t.toString)&&!P(r=n.call(t)))return r;if("function"==typeof(n=t.valueOf)&&!P(r=n.call(t)))return r;if(!e&&"function"==typeof(n=t.toString)&&!P(r=n.call(t)))return r;throw TypeError("Can't convert object to primitive value")},_={}.hasOwnProperty,C=function(t,e){return _.call(t,e)},k=y.document,D=P(k)&&P(k.createElement),F=function(t){return D?k.createElement(t):{}},M=!g&&!b((function(){return 7!=Object.defineProperty(F("div"),"a",{get:function(){return 7}}).a})),$=Object.getOwnPropertyDescriptor,U={f:g?$:function(t,e){if(t=I(t),e=R(e,!0),M)try{return $(t,e)}catch(t){}if(C(t,e))return w(!E.f.call(t,e),t[e])}},N=function(t){if(!P(t))throw TypeError(String(t)+" is not an object");return t},B=Object.defineProperty,L={f:g?B:function(t,e,n){if(N(t),e=R(e,!0),N(n),M)try{return B(t,e,n)}catch(t){}if("get"in n||"set"in n)throw TypeError("Accessors not supported");return"value"in n&&(t[e]=n.value),t}},q=g?function(t,e,n){return L.f(t,e,w(1,n))}:function(t,e,n){return t[e]=n,t},V=function(t,e){try{q(y,t,e)}catch(n){y[t]=e}return e},K="__core-js_shared__",G=y[K]||V(K,{}),H=Function.toString;"function"!=typeof G.inspectSource&&(G.inspectSource=function(t){return H.call(t)});var W,z,X,Y=G.inspectSource,Q=y.WeakMap,Z="function"==typeof Q&&/native code/.test(Y(Q)),J=v((function(t){(t.exports=function(t,e){return G[t]||(G[t]=void 0!==e?e:{})})("versions",[]).push({version:"3.9.1",mode:"global",copyright:"© 2021 Denis Pushkarev (zloirock.ru)"})})),tt=0,et=Math.random(),nt=function(t){return"Symbol("+String(void 0===t?"":t)+")_"+(++tt+et).toString(36)},rt=J("keys"),ot=function(t){return rt[t]||(rt[t]=nt(t))},it={},at=y.WeakMap;if(Z){var ut=G.state||(G.state=new at),ct=ut.get,ft=ut.has,lt=ut.set;W=function(t,e){return e.facade=t,lt.call(ut,t,e),e},z=function(t){return ct.call(ut,t)||{}},X=function(t){return ft.call(ut,t)}}else{var st=ot("state");it[st]=!0,W=function(t,e){return e.facade=t,q(t,st,e),e},z=function(t){return C(t,st)?t[st]:{}},X=function(t){return C(t,st)}}var dt={set:W,get:z,has:X,enforce:function(t){return X(t)?z(t):W(t,{})},getterFor:function(t){return function(e){var n;if(!P(e)||(n=z(e)).type!==t)throw TypeError("Incompatible receiver, "+t+" required");return n}}},pt=v((function(t){var e=dt.get,n=dt.enforce,r=String(String).split("String");(t.exports=function(t,e,o,i){var a,u=!!i&&!!i.unsafe,c=!!i&&!!i.enumerable,f=!!i&&!!i.noTargetGet;"function"==typeof o&&("string"!=typeof e||C(o,"name")||q(o,"name",e),(a=n(o)).source||(a.source=r.join("string"==typeof e?e:""))),t!==y?(u?!f&&t[e]&&(c=!0):delete t[e],c?t[e]=o:q(t,e,o)):c?t[e]=o:V(e,o)})(Function.prototype,"toString",(function(){return"function"==typeof this&&e(this).source||Y(this)}))})),vt=y,ht=function(t){return"function"==typeof t?t:void 0},yt=function(t,e){return arguments.length<2?ht(vt[t])||ht(y[t]):vt[t]&&vt[t][e]||y[t]&&y[t][e]},bt=Math.ceil,gt=Math.floor,mt=function(t){return isNaN(t=+t)?0:(t>0?gt:bt)(t)},xt=Math.min,Et=function(t){return t>0?xt(mt(t),9007199254740991):0},wt=Math.max,Ot=Math.min,St=function(t){return function(e,n,r){var o,i=I(e),a=Et(i.length),u=function(t,e){var n=mt(t);return n<0?wt(n+e,0):Ot(n,e)}(r,a);if(t&&n!=n){for(;a>u;)if((o=i[u++])!=o)return!0}else for(;a>u;u++)if((t||u in i)&&i[u]===n)return t||u||0;return!t&&-1}},jt={includes:St(!0),indexOf:St(!1)},Tt=jt.indexOf,At=function(t,e){var n,r=I(t),o=0,i=[];for(n in r)!C(it,n)&&C(r,n)&&i.push(n);for(;e.length>o;)C(r,n=e[o++])&&(~Tt(i,n)||i.push(n));return i},It=["constructor","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","toLocaleString","toString","valueOf"],Pt=It.concat("length","prototype"),Rt={f:Object.getOwnPropertyNames||function(t){return At(t,Pt)}},_t={f:Object.getOwnPropertySymbols},Ct=yt("Reflect","ownKeys")||function(t){var e=Rt.f(N(t)),n=_t.f;return n?e.concat(n(t)):e},kt=function(t,e){for(var n=Ct(e),r=L.f,o=U.f,i=0;i<n.length;i++){var a=n[i];C(t,a)||r(t,a,o(e,a))}},Dt=/#|\.prototype\./,Ft=function(t,e){var n=$t[Mt(t)];return n==Nt||n!=Ut&&("function"==typeof e?b(e):!!e)},Mt=Ft.normalize=function(t){return String(t).replace(Dt,".").toLowerCase()},$t=Ft.data={},Ut=Ft.NATIVE="N",Nt=Ft.POLYFILL="P",Bt=Ft,Lt=U.f,qt=function(t,e){var n,r,o,i,a,u=t.target,c=t.global,f=t.stat;if(n=c?y:f?y[u]||V(u,{}):(y[u]||{}).prototype)for(r in e){if(i=e[r],o=t.noTargetGet?(a=Lt(n,r))&&a.value:n[r],!Bt(c?r:u+(f?".":"#")+r,t.forced)&&void 0!==o){if(typeof i==typeof o)continue;kt(i,o)}(t.sham||o&&o.sham)&&q(i,"sham",!0),pt(n,r,i,t)}},Vt=function(){var t=N(this),e="";return t.global&&(e+="g"),t.ignoreCase&&(e+="i"),t.multiline&&(e+="m"),t.dotAll&&(e+="s"),t.unicode&&(e+="u"),t.sticky&&(e+="y"),e};function Kt(t,e){return RegExp(t,e)}var Gt,Ht,Wt={UNSUPPORTED_Y:b((function(){var t=Kt("a","y");return t.lastIndex=2,null!=t.exec("abcd")})),BROKEN_CARET:b((function(){var t=Kt("^r","gy");return t.lastIndex=2,null!=t.exec("str")}))},zt=RegExp.prototype.exec,Xt=String.prototype.replace,Yt=zt,Qt=(Gt=/a/,Ht=/b*/g,zt.call(Gt,"a"),zt.call(Ht,"a"),0!==Gt.lastIndex||0!==Ht.lastIndex),Zt=Wt.UNSUPPORTED_Y||Wt.BROKEN_CARET,Jt=void 0!==/()??/.exec("")[1];(Qt||Jt||Zt)&&(Yt=function(t){var e,n,r,o,i=this,a=Zt&&i.sticky,u=Vt.call(i),c=i.source,f=0,l=t;return a&&(-1===(u=u.replace("y","")).indexOf("g")&&(u+="g"),l=String(t).slice(i.lastIndex),i.lastIndex>0&&(!i.multiline||i.multiline&&"\n"!==t[i.lastIndex-1])&&(c="(?: "+c+")",l=" "+l,f++),n=new RegExp("^(?:"+c+")",u)),Jt&&(n=new RegExp("^"+c+"$(?!\\s)",u)),Qt&&(e=i.lastIndex),r=zt.call(a?n:i,l),a?r?(r.input=r.input.slice(f),r[0]=r[0].slice(f),r.index=i.lastIndex,i.lastIndex+=r[0].length):i.lastIndex=0:Qt&&r&&(i.lastIndex=i.global?r.index+r[0].length:e),Jt&&r&&r.length>1&&Xt.call(r[0],n,(function(){for(o=1;o<arguments.length-2;o++)void 0===arguments[o]&&(r[o]=void 0)})),r});var te=Yt;qt({target:"RegExp",proto:!0,forced:/./.exec!==te},{exec:te});var ee,ne,re="process"==S(y.process),oe=yt("navigator","userAgent")||"",ie=y.process,ae=ie&&ie.versions,ue=ae&&ae.v8;ue?ne=(ee=ue.split("."))[0]+ee[1]:oe&&(!(ee=oe.match(/Edge\/(\d+)/))||ee[1]>=74)&&(ee=oe.match(/Chrome\/(\d+)/))&&(ne=ee[1]);var ce=ne&&+ne,fe=!!Object.getOwnPropertySymbols&&!b((function(){return!Symbol.sham&&(re?38===ce:ce>37&&ce<41)})),le=fe&&!Symbol.sham&&"symbol"==typeof Symbol.iterator,se=J("wks"),de=y.Symbol,pe=le?de:de&&de.withoutSetter||nt,ve=function(t){return C(se,t)&&(fe||"string"==typeof se[t])||(fe&&C(de,t)?se[t]=de[t]:se[t]=pe("Symbol."+t)),se[t]},he=ve("species"),ye=!b((function(){var t=/./;return t.exec=function(){var t=[];return t.groups={a:"7"},t},"7"!=="".replace(t,"$<a>")})),be="$0"==="a".replace(/./,"$0"),ge=ve("replace"),me=!!/./[ge]&&""===/./[ge]("a","$0"),xe=!b((function(){var t=/(?:)/,e=t.exec;t.exec=function(){return e.apply(this,arguments)};var n="ab".split(t);return 2!==n.length||"a"!==n[0]||"b"!==n[1]})),Ee=function(t){return function(e,n){var r,o,i=String(A(e)),a=mt(n),u=i.length;return a<0||a>=u?t?"":void 0:(r=i.charCodeAt(a))<55296||r>56319||a+1===u||(o=i.charCodeAt(a+1))<56320||o>57343?t?i.charAt(a):r:t?i.slice(a,a+2):o-56320+(r-55296<<10)+65536}},we={codeAt:Ee(!1),charAt:Ee(!0)}.charAt,Oe=function(t,e,n){return e+(n?we(t,e).length:1)},Se=function(t){return Object(A(t))},je=Math.floor,Te="".replace,Ae=/\$([$&'`]|\d{1,2}|<[^>]*>)/g,Ie=/\$([$&'`]|\d{1,2})/g,Pe=function(t,e,n,r,o,i){var a=n+t.length,u=r.length,c=Ie;return void 0!==o&&(o=Se(o),c=Ae),Te.call(i,c,(function(i,c){var f;switch(c.charAt(0)){case"$":return"$";case"&":return t;case"`":return e.slice(0,n);case"'":return e.slice(a);case"<":f=o[c.slice(1,-1)];break;default:var l=+c;if(0===l)return i;if(l>u){var s=je(l/10);return 0===s?i:s<=u?void 0===r[s-1]?c.charAt(1):r[s-1]+c.charAt(1):i}f=r[l-1]}return void 0===f?"":f}))},Re=function(t,e){var n=t.exec;if("function"==typeof n){var r=n.call(t,e);if("object"!=typeof r)throw TypeError("RegExp exec method returned something other than an Object or null");return r}if("RegExp"!==S(t))throw TypeError("RegExp#exec called on incompatible receiver");return te.call(t,e)},_e=Math.max,Ce=Math.min;!function(t,e,n,r){var o=ve(t),i=!b((function(){var e={};return e[o]=function(){return 7},7!=""[t](e)})),a=i&&!b((function(){var e=!1,n=/a/;return"split"===t&&((n={}).constructor={},n.constructor[he]=function(){return n},n.flags="",n[o]=/./[o]),n.exec=function(){return e=!0,null},n[o](""),!e}));if(!i||!a||"replace"===t&&(!ye||!be||me)||"split"===t&&!xe){var u=/./[o],c=n(o,""[t],(function(t,e,n,r,o){return e.exec===te?i&&!o?{done:!0,value:u.call(e,n,r)}:{done:!0,value:t.call(n,e,r)}:{done:!1}}),{REPLACE_KEEPS_$0:be,REGEXP_REPLACE_SUBSTITUTES_UNDEFINED_CAPTURE:me}),f=c[0],l=c[1];pt(String.prototype,t,f),pt(RegExp.prototype,o,2==e?function(t,e){return l.call(t,this,e)}:function(t){return l.call(t,this)})}r&&q(RegExp.prototype[o],"sham",!0)}("replace",2,(function(t,e,n,r){var o=r.REGEXP_REPLACE_SUBSTITUTES_UNDEFINED_CAPTURE,i=r.REPLACE_KEEPS_$0,a=o?"$":"$0";return[function(n,r){var o=A(this),i=null==n?void 0:n[t];return void 0!==i?i.call(n,o,r):e.call(String(o),n,r)},function(t,r){if(!o&&i||"string"==typeof r&&-1===r.indexOf(a)){var u=n(e,t,this,r);if(u.done)return u.value}var c=N(t),f=String(this),l="function"==typeof r;l||(r=String(r));var s=c.global;if(s){var d=c.unicode;c.lastIndex=0}for(var p=[];;){var v=Re(c,f);if(null===v)break;if(p.push(v),!s)break;""===String(v[0])&&(c.lastIndex=Oe(f,Et(c.lastIndex),d))}for(var h,y="",b=0,g=0;g<p.length;g++){v=p[g];for(var m=String(v[0]),x=_e(Ce(mt(v.index),f.length),0),E=[],w=1;w<v.length;w++)E.push(void 0===(h=v[w])?h:String(h));var O=v.groups;if(l){var S=[m].concat(E,x,f);void 0!==O&&S.push(O);var j=String(r.apply(void 0,S))}else j=Pe(m,f,x,E,O,r);x>=b&&(y+=f.slice(b,x)+j,b=x+m.length)}return y+f.slice(b)}]}));var ke=function(t,e){var n=[][t];return!!n&&b((function(){n.call(null,e||function(){throw 1},1)}))},De=jt.indexOf,Fe=[].indexOf,Me=!!Fe&&1/[1].indexOf(1,-0)<0,$e=ke("indexOf");qt({target:"Array",proto:!0,forced:Me||!$e},{indexOf:function(t){return Me?Fe.apply(this,arguments)||0:De(this,t,arguments.length>1?arguments[1]:void 0)}});var Ue,Ne=Array.isArray||function(t){return"Array"==S(t)},Be=function(t,e,n){var r=R(e);r in t?L.f(t,r,w(0,n)):t[r]=n},Le=ve("species"),qe=function(t,e){var n;return Ne(t)&&("function"!=typeof(n=t.constructor)||n!==Array&&!Ne(n.prototype)?P(n)&&null===(n=n[Le])&&(n=void 0):n=void 0),new(void 0===n?Array:n)(0===e?0:e)},Ve=ve("species"),Ke=ve("isConcatSpreadable"),Ge=9007199254740991,He="Maximum allowed index exceeded",We=ce>=51||!b((function(){var t=[];return t[Ke]=!1,t.concat()[0]!==t})),ze=(Ue="concat",ce>=51||!b((function(){var t=[];return(t.constructor={})[Ve]=function(){return{foo:1}},1!==t[Ue](Boolean).foo}))),Xe=function(t){if(!P(t))return!1;var e=t[Ke];return void 0!==e?!!e:Ne(t)};qt({target:"Array",proto:!0,forced:!We||!ze},{concat:function(t){var e,n,r,o,i,a=Se(this),u=qe(a,0),c=0;for(e=-1,r=arguments.length;e<r;e++)if(Xe(i=-1===e?a:arguments[e])){if(c+(o=Et(i.length))>Ge)throw TypeError(He);for(n=0;n<o;n++,c++)n in i&&Be(u,c,i[n])}else{if(c>=Ge)throw TypeError(He);Be(u,c++,i)}return u.length=c,u}});var Ye=[].join,Qe=T!=Object,Ze=ke("join",",");qt({target:"Array",proto:!0,forced:Qe||!Ze},{join:function(t){return Ye.call(I(this),void 0===t?",":t)}});var Je,tn=function(t,e,n){if(function(t){if("function"!=typeof t)throw TypeError(String(t)+" is not a function")}(t),void 0===e)return t;switch(n){case 0:return function(){return t.call(e)};case 1:return function(n){return t.call(e,n)};case 2:return function(n,r){return t.call(e,n,r)};case 3:return function(n,r,o){return t.call(e,n,r,o)}}return function(){return t.apply(e,arguments)}},en=[].push,nn=function(t){var e=1==t,n=2==t,r=3==t,o=4==t,i=6==t,a=7==t,u=5==t||i;return function(c,f,l,s){for(var d,p,v=Se(c),h=T(v),y=tn(f,l,3),b=Et(h.length),g=0,m=s||qe,x=e?m(c,b):n||a?m(c,0):void 0;b>g;g++)if((u||g in h)&&(p=y(d=h[g],g,v),t))if(e)x[g]=p;else if(p)switch(t){case 3:return!0;case 5:return d;case 6:return g;case 2:en.call(x,d)}else switch(t){case 4:return!1;case 7:en.call(x,d)}return i?-1:r||o?o:x}},rn={forEach:nn(0),map:nn(1),filter:nn(2),some:nn(3),every:nn(4),find:nn(5),findIndex:nn(6),filterOut:nn(7)},on=Object.keys||function(t){return At(t,It)},an=g?Object.defineProperties:function(t,e){N(t);for(var n,r=on(e),o=r.length,i=0;o>i;)L.f(t,n=r[i++],e[n]);return t},un=yt("document","documentElement"),cn=ot("IE_PROTO"),fn=function(){},ln=function(t){return"<script>"+t+"</"+"script>"},sn=function(){try{Je=document.domain&&new ActiveXObject("htmlfile")}catch(t){}var t,e;sn=Je?function(t){t.write(ln("")),t.close();var e=t.parentWindow.Object;return t=null,e}(Je):((e=F("iframe")).style.display="none",un.appendChild(e),e.src=String("javascript:"),(t=e.contentWindow.document).open(),t.write(ln("document.F=Object")),t.close(),t.F);for(var n=It.length;n--;)delete sn.prototype[It[n]];return sn()};it[cn]=!0;var dn=Object.create||function(t,e){var n;return null!==t?(fn.prototype=N(t),n=new fn,fn.prototype=null,n[cn]=t):n=sn(),void 0===e?n:an(n,e)},pn=ve("unscopables"),vn=Array.prototype;null==vn[pn]&&L.f(vn,pn,{configurable:!0,value:dn(null)});var hn,yn=rn.find,bn="find",gn=!0;bn in[]&&Array(1).find((function(){gn=!1})),qt({target:"Array",proto:!0,forced:gn},{find:function(t){return yn(this,t,arguments.length>1?arguments[1]:void 0)}}),hn=bn,vn[pn][hn]=!0;var mn=E.f,xn=function(t){return function(e){for(var n,r=I(e),o=on(r),i=o.length,a=0,u=[];i>a;)n=o[a++],g&&!mn.call(r,n)||u.push(t?[n,r[n]]:r[n]);return u}},En={entries:xn(!0),values:xn(!1)}.entries;qt({target:"Object",stat:!0},{entries:function(t){return En(t)}});var wn=n.default.fn.bootstrapTable.utils;n.default.extend(n.default.fn.bootstrapTable.defaults,{editable:!0,onEditableInit:function(){return!1},onEditableSave:function(t,e,n,r,o){return!1},onEditableShown:function(t,e,n,r){return!1},onEditableHidden:function(t,e,n,r){return!1}}),n.default.extend(n.default.fn.bootstrapTable.columnDefaults,{alwaysUseFormatter:!1}),n.default.extend(n.default.fn.bootstrapTable.Constructor.EVENTS,{"editable-init.bs.table":"onEditableInit","editable-save.bs.table":"onEditableSave","editable-shown.bs.table":"onEditableShown","editable-hidden.bs.table":"onEditableHidden"}),n.default.BootstrapTable=function(t){!function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Super expression must either be null or a function");t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,writable:!0,configurable:!0}}),e&&a(t,e)}(v,t);var e,u,d,p=c(v);function v(){return r(this,v),p.apply(this,arguments)}return e=v,(u=[{key:"initTable",value:function(){var t=this;f(i(v.prototype),"initTable",this).call(this),this.options.editable&&(this.editedCells=[],n.default.each(this.columns,(function(e,r){if(r.editable){var o={},i=[],a="editable-",u=function(t,e){var n=t.replace(/([A-Z])/g,(function(t){return"-".concat(t.toLowerCase())}));0===n.indexOf(a)&&(o[n.replace(a,"data-")]=e)};n.default.each(t.options,u),r.formatter=r.formatter||function(t){return t},r._formatter=r._formatter?r._formatter:r.formatter,r.formatter=function(e,a,c){var f=wn.calculateObjectValue(r,r._formatter,[e,a,c],e);if(f=null==f?t.options.undefinedText:f,void 0!==t.options.uniqueId&&!r.alwaysUseFormatter){var l=wn.getItemField(a,t.options.uniqueId,!1);-1!==n.default.inArray(r.field+l,t.editedCells)&&(f=e)}n.default.each(r,u),n.default.each(o,(function(t,e){i.push(" ".concat(t,'="').concat(e,'"'))}));var s=!1,d=wn.calculateObjectValue(r,r.editable,[c,a],{});if(typeof f==='string'){f=f.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");}return d.hasOwnProperty("noEditFormatter")&&(s=d.noEditFormatter(e,a,c)),!1===s?'<a href="javascript:void(0)"\n            data-name="'.concat(r.field,'"\n            data-pk="').concat(a[t.options.idField],'"\n            data-value="').concat(f,'"\n            ').concat(i.join(""),"></a>"):s}}})))}},{key:"initBody",value:function(t){var e=this;f(i(v.prototype),"initBody",this).call(this,t),this.options.editable&&(n.default.each(this.columns,(function(t,r){if(r.editable){var o=e.getData({escape:!0}),i=e.$body.find('a[data-name="'.concat(r.field,'"]'));i.each((function(t,e){var i=n.default(e),a=i.closest("tr").data("index"),u=o[a],c=wn.calculateObjectValue(r,r.editable,[a,u,i],{});i.editable(c)})),i.off("save").on("save",(function(t,o){var i=t.currentTarget,a=o.newValue,u=n.default(i),c=e.getData(),f=u.parents("tr[data-index]").data("index"),l=c[f],s=l[r.field];if(void 0!==e.options.uniqueId&&!r.alwaysUseFormatter){var d=wn.getItemField(l,e.options.uniqueId,!1);-1===n.default.inArray(r.field+d,e.editedCells)&&e.editedCells.push(r.field+d)}a=wn.escapeHTML(a),u.data("value",a),l[r.field]=a,e.trigger("editable-save",r.field,l,f,s,u),e.initBody()})),i.off("shown").on("shown",(function(t,o){var i=t.currentTarget,a=n.default(i),u=e.getData()[a.parents("tr[data-index]").data("index")];e.trigger("editable-shown",r.field,u,a,o)})),i.off("hidden").on("hidden",(function(t,o){var i=t.currentTarget,a=n.default(i),u=e.getData()[a.parents("tr[data-index]").data("index")];e.trigger("editable-hidden",r.field,u,a,o)}))}})),this.trigger("editable-init"))}},{key:"getData",value:function(t){var e=f(i(v.prototype),"getData",this).call(this,t);if(t&&t.escape){var n,r=function(t,e){var n;if("undefined"==typeof Symbol||null==t[Symbol.iterator]){if(Array.isArray(t)||(n=s(t))||e&&t&&"number"==typeof t.length){n&&(t=n);var r=0,o=function(){};return{s:o,n:function(){return r>=t.length?{done:!0}:{done:!1,value:t[r++]}},e:function(t){throw t},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,u=!1;return{s:function(){n=t[Symbol.iterator]()},n:function(){var t=n.next();return a=t.done,t},e:function(t){u=!0,i=t},f:function(){try{a||null==n.return||n.return()}finally{if(u)throw i}}}}(e);try{for(r.s();!(n=r.n()).done;)for(var o=n.value,a=0,u=Object.entries(o);a<u.length;a++){var c=l(u[a],2),d=c[0],p=c[1];o[d]=wn.unescapeHTML(p)}}catch(t){r.e(t)}finally{r.f()}}return e}}])&&o(e.prototype,u),d&&o(e,d),v}(n.default.BootstrapTable)}));

From 91e6d94c83912c4a7830568ddb6693161ec8355a Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Fri, 27 Aug 2021 14:27:35 +0200
Subject: [PATCH 3/4] Improved displaying of username and task title in tasks

---
 cps.py                   |  1 -
 cps/__init__.py          | 21 ++++++++++++++++-----
 cps/editbooks.py         |  6 +++++-
 cps/helper.py            |  8 +++++---
 cps/jinjia.py            |  1 -
 cps/static/js/main.js    | 10 ++++++++++
 cps/static/js/table.js   | 20 ++++++++++++++++++++
 cps/templates/tasks.html | 33 +++++----------------------------
 cps/web.py               |  2 +-
 9 files changed, 62 insertions(+), 40 deletions(-)

diff --git a/cps.py b/cps.py
index 737b0d97..46eb1440 100755
--- a/cps.py
+++ b/cps.py
@@ -70,7 +70,6 @@ def main():
     app.register_blueprint(shelf)
     app.register_blueprint(admi)
     app.register_blueprint(remotelogin)
-    # if config.config_use_google_drive:
     app.register_blueprint(gdrive)
     app.register_blueprint(editbook)
     if kobo_available:
diff --git a/cps/__init__.py b/cps/__init__.py
index 9b004640..3b100907 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
@@ -37,6 +37,11 @@ from . import config_sql, logger, cache_buster, cli, ub, db
 from .reverseproxy import ReverseProxied
 from .server import WebServer
 
+try:
+    import lxml
+    lxml_present = True
+except ImportError:
+    lxml_present = False
 
 mimetypes.init()
 mimetypes.add_type('application/xhtml+xml', '.xhtml')
@@ -90,6 +95,16 @@ db.CalibreDB.setup_db(config.config_calibre_dir, cli.settingspath)
 calibre_db = db.CalibreDB()
 
 def create_app():
+    if sys.version_info < (3, 0):
+        log.info(
+            '*** Python2 is EOL since end of 2019, this version of Calibre-Web is no longer supporting Python2, please update your installation to Python3 ***')
+        print(
+            '*** Python2 is EOL since end of 2019, this version of Calibre-Web is no longer supporting Python2, please update your installation to Python3 ***')
+        sys.exit(5)
+    if not lxml_present:
+        log.info('*** "lxml" is needed for calibre-web to run. Please install it using pip: "pip install lxml" ***')
+        print('*** "lxml" is needed for calibre-web to run. Please install it using pip: "pip install lxml" ***')
+        sys.exit(6)
     app.wsgi_app = ReverseProxied(app.wsgi_app)
     # For python2 convert path to unicode
     if sys.version_info < (3, 0):
@@ -99,12 +114,8 @@ def create_app():
 
     if os.environ.get('FLASK_DEBUG'):
         cache_buster.init_cache_busting(app)
-
     log.info('Starting Calibre Web...')
-    if sys.version_info < (3, 0):
-        log.info('*** Python2 is EOL since end of 2019, this version of Calibre-Web is no longer supporting Python2, please update your installation to Python3 ***')
-        print('*** Python2 is EOL since end of 2019, this version of Calibre-Web is no longer supporting Python2, please update your installation to Python3 ***')
-        sys.exit(5)
+
     Principal(app)
     lm.init_app(app)
     app.secret_key = os.getenv('SECRET_KEY', config_sql.get_flask_session_key(ub.session))
diff --git a/cps/editbooks.py b/cps/editbooks.py
index afc07513..d8e16e4c 100644
--- a/cps/editbooks.py
+++ b/cps/editbooks.py
@@ -26,7 +26,11 @@ from datetime import datetime
 import json
 from shutil import copyfile
 from uuid import uuid4
-from lxml.html.clean import clean_html
+try:
+    from lxml.html.clean import clean_html
+except ImportError:
+    pass
+
 
 # Improve this to check if scholarly is available in a global way, like other pythonic libraries
 try:
diff --git a/cps/helper.py b/cps/helper.py
index b6ea6760..8c0f1656 100644
--- a/cps/helper.py
+++ b/cps/helper.py
@@ -38,6 +38,7 @@ from flask_login import current_user
 from sqlalchemy.sql.expression import true, false, and_, text, func
 from werkzeug.datastructures import Headers
 from werkzeug.security import generate_password_hash
+from markupsafe import escape
 
 try:
     from urllib.parse import quote
@@ -97,10 +98,11 @@ def convert_book_format(book_id, calibrepath, old_book_format, new_book_format,
         settings['body'] = _(u'This e-mail has been sent via Calibre-Web.')
     else:
         settings = dict()
-    txt = (u"%s -> %s: %s" % (
+    link = '<a href="{}">{}</a>"'.format(url_for('web.show_book', book_id=book.id), escape(book.title))  # prevent xss
+    txt = u"{} -> {}: {}".format(
            old_book_format,
            new_book_format,
-           "<a href=\"" + url_for('web.show_book', book_id=book.id) + "\">" + book.title + "</a>"))
+           link)
     settings['old_book_format'] = old_book_format
     settings['new_book_format'] = new_book_format
     WorkerThread.add(user_id, TaskConvert(file_path, book.id, txt, settings, kindle_mail, user_id))
@@ -778,7 +780,7 @@ def render_task_status(tasklist):
 
             ret['taskMessage'] = "{}: {}".format(_(task.name), task.message)
             ret['progress'] = "{} %".format(int(task.progress * 100))
-            ret['user'] = user
+            ret['user'] = escape(user)  # prevent xss
             renderedtasklist.append(ret)
 
     return renderedtasklist
diff --git a/cps/jinjia.py b/cps/jinjia.py
index 2d18c6f0..554bc791 100644
--- a/cps/jinjia.py
+++ b/cps/jinjia.py
@@ -28,7 +28,6 @@ import mimetypes
 from uuid import uuid4
 
 from babel.dates import format_date
-from flask_babel import gettext as _
 from flask import Blueprint, request, url_for
 from flask_babel import get_locale
 from flask_login import current_user
diff --git a/cps/static/js/main.js b/cps/static/js/main.js
index fe8b498d..d8641c3e 100644
--- a/cps/static/js/main.js
+++ b/cps/static/js/main.js
@@ -20,6 +20,15 @@ function getPath() {
     var jsFileLocation = $("script[src*=jquery]").attr("src");  // the js file path
     return jsFileLocation.substr(0, jsFileLocation.search("/static/js/libs/jquery.min.js"));  // the js folder path
 }
+
+function elementSorter(a, b) {
+    a = +a.slice(0, -2);
+    b = +b.slice(0, -2);
+    if (a > b) return 1;
+    if (a < b) return -1;
+    return 0;
+}
+
 // Generic control/related handler to show/hide fields based on a checkbox' value
 // e.g.
 //  <input type="checkbox" data-control="stuff-to-show">
@@ -714,3 +723,4 @@ $(function() {
         });
     });
 });
+
diff --git a/cps/static/js/table.js b/cps/static/js/table.js
index 9d5c4fa7..60d1a957 100644
--- a/cps/static/js/table.js
+++ b/cps/static/js/table.js
@@ -22,6 +22,26 @@ var selections = [];
 var reload = false;
 
 $(function() {
+    $('#tasktable').bootstrapTable({
+        formatNoMatches: function () {
+            return '';
+        },
+        striped: true
+    });
+    if ($('#tasktable').length) {
+        setInterval(function () {
+            $.ajax({
+                method: "get",
+                url: getPath() + "/ajax/emailstat",
+                async: true,
+                timeout: 900,
+                success: function (data) {
+                    $('#table').bootstrapTable("load", data);
+                }
+            });
+        }, 2000);
+    }
+
     $("#books-table").on("check.bs.table check-all.bs.table uncheck.bs.table uncheck-all.bs.table",
         function (e, rowsAfter, rowsBefore) {
             var rows = rowsAfter;
diff --git a/cps/templates/tasks.html b/cps/templates/tasks.html
index 4a755c82..76f23dfe 100644
--- a/cps/templates/tasks.html
+++ b/cps/templates/tasks.html
@@ -5,7 +5,7 @@
 {% block body %}
 <div class="discover">
     <h2>{{_('Tasks')}}</h2>
-    <table class="table table-no-bordered" id="table" data-url="{{  url_for('web.get_email_status_json') }}"  data-sort-name="starttime" data-sort-order="asc">
+    <table class="table table-no-bordered" id="tasktable" data-url="{{  url_for('web.get_email_status_json') }}"  data-sort-name="starttime" data-sort-order="asc">
       <thead>
         <tr>
             {% if g.user.role_admin() %}
@@ -27,32 +27,9 @@
 {% endblock %}
 {% block js %}
 <script src="{{ url_for('static', filename='js/libs/bootstrap-table/bootstrap-table.min.js') }}"></script>
-        <script>
-            // ToDo: Move to js file
-            $('#table').bootstrapTable({
-               formatNoMatches: function () {
-                return '';
-                },
-                striped: true
-            });
-            setInterval(function() {
-                $.ajax({
-                    method:"get",
-                    url: "{{ url_for('web.get_email_status_json')}}",
-                    async: true,
-                    timeout: 900,
-                    success:function(data){
-                    $('#table').bootstrapTable("load", data);
-                }
-                });
-            }, 1000);
-            function elementSorter(a, b) {
-                a = +a.slice(0, -2);
-                b = +b.slice(0, -2);
-                if (a > b) return 1;
-                if (a < b) return -1;
-                return 0;
-            }
-        </script>
+<script src="{{ url_for('static', filename='js/table.js') }}"></script>
+<script>
+    // ToDo: Move to js file
+</script>
 
 {% endblock %}
diff --git a/cps/web.py b/cps/web.py
index f7291e0a..bf95be50 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -84,7 +84,7 @@ except ImportError:
 
 @app.after_request
 def add_security_headers(resp):
-    # resp.headers['Content-Security-Policy']= "script-src 'self' https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
+    resp.headers['Content-Security-Policy']= "script-src 'self'" # https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
     resp.headers['X-Content-Type-Options'] = 'nosniff'
     resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
     resp.headers['X-XSS-Protection'] = '1; mode=block'

From 7ae3255ea9da0038d88fbe7390df9f08986b1599 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Fri, 27 Aug 2021 14:28:30 +0200
Subject: [PATCH 4/4] Revert Content-Security-Policy header

---
 cps/web.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cps/web.py b/cps/web.py
index bf95be50..14857965 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -84,7 +84,7 @@ except ImportError:
 
 @app.after_request
 def add_security_headers(resp):
-    resp.headers['Content-Security-Policy']= "script-src 'self'" # https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
+    # resp.headers['Content-Security-Policy']= "script-src 'self'" https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
     resp.headers['X-Content-Type-Options'] = 'nosniff'
     resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
     resp.headers['X-XSS-Protection'] = '1; mode=block'