more style tweaks + brakeman fix

This commit is contained in:
Devin Howard 2016-11-29 11:15:14 -05:00
parent c46e85529e
commit 9b95e91f1a
7 changed files with 39 additions and 9 deletions

View file

@ -620,7 +620,12 @@
border-bottom: 5px solid transparent;
}
.importDialog div:after, .sidebarFilterIcon div:after, .sidebarForkIcon div:after, .addMap div:after, .sidebarAccountIcon .tooltipsUnder:after, .notificationsIcon div:after {
.addMap div:after,
.importDialog div:after,
.sidebarForkIcon div:after,
.sidebarFilterIcon div:after,
.notificationsIcon div:after,
.sidebarAccountIcon .tooltipsUnder:after,
content: '';
position: absolute;
right: 40%;
@ -631,6 +636,9 @@
border-left: 5px solid transparent;
border-right: 5px solid transparent;
}
.notificationsIcon .unread-notifications-dot:after {
content: none;
}
.sidebarFilterIcon div:after {
right: 37% !important;
}

View file

@ -22,7 +22,7 @@ class AccessController < ApplicationController
request = AccessRequest.create(user: current_user, map: @map)
# what about push notification to map owner?
mail = MapMailer.access_request_email(request, @map)
@map.user.notify(mail.subject, mail.body)
@map.user.notify(mail.subject, mail.body.parts[1].body.to_s)
respond_to do |format|
format.json do
@ -40,7 +40,7 @@ class AccessController < ApplicationController
# who we then send an email to
user = User.find(user_id)
mail = MapMailer.invite_to_edit_email(@map, current_user, User.find(user_id))
user.notify(mail.subject, mail.body)
user.notify(mail.subject, mail.body.parts[1].body.to_s)
end
@map.remove_old_collaborators(user_ids)

View file

@ -4,7 +4,6 @@
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
</head>
<body>
<% binding.pry %>
<%= raw @notification.body.parts[1].encoded %>
<%= raw @notification.body %>
</body>
</html>

View file

@ -1,2 +1 @@
<% body = @notification.body.parts[0].encoded %>
<%= body.html_safe? ? body : strip_tags(body) %>
<%= @notification.body.html_safe? ? @notification.body : strip_tags(@notification.body) %>

View file

@ -13,7 +13,7 @@
<%= notification.subject %>
</div>
<div class="notification-body">
<%= notification.body.truncate(70) %>
<%= strip_tags(notification.body).truncate(70) %>
</div>
<% end %>
<div class="notification-read-unread">

View file

@ -4,7 +4,7 @@
<div id="yield">
<div class="centerContent notificationPage">
<h2 class="title"><%= @notification.subject %></h4>
<%= @notification.body %>
<%= raw @notification.body %>
<div class="back">
<%= link_to 'Back', notifications_path %>
</div>

24
config/brakeman.ignore Normal file
View file

@ -0,0 +1,24 @@
{
"ignored_warnings": [
{
"warning_type": "Cross Site Scripting",
"warning_code": 2,
"fingerprint": "88694dca0bcc2226859746f9ed40cc682d6e5eaec1e73f2be557770a854ede0b",
"message": "Unescaped model attribute",
"file": "app/views/notifications/show.html.erb",
"line": 7,
"link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
"code": "current_user.mailbox.notifications.find_by(:id => params[:id]).body",
"render_path": [{"type":"controller","class":"NotificationsController","method":"show","line":24,"file":"app/controllers/notifications_controller.rb"}],
"location": {
"type": "template",
"template": "notifications/show"
},
"user_input": "current_user.mailbox.notifications",
"confidence": "Weak",
"note": ""
}
],
"updated": "2016-11-29 13:01:34 -0500",
"brakeman_version": "3.4.0"
}