more style tweaks + brakeman fix

app/assets/stylesheets/clean.css.erb

@@ -620,7 +620,12 @@
     border-bottom: 5px solid transparent;
 }
 
-.importDialog div:after, .sidebarFilterIcon div:after, .sidebarForkIcon div:after, .addMap div:after, .sidebarAccountIcon .tooltipsUnder:after, .notificationsIcon div:after {
+.addMap div:after,
+.importDialog div:after,
+.sidebarForkIcon div:after,
+.sidebarFilterIcon div:after,
+.notificationsIcon div:after,
+.sidebarAccountIcon .tooltipsUnder:after,
     content: '';
     position: absolute;
     right: 40%;
@@ -631,6 +636,9 @@
     border-left: 5px solid transparent;
     border-right: 5px solid transparent;
 }
+.notificationsIcon .unread-notifications-dot:after {
+    content: none;
+}
 .sidebarFilterIcon div:after {
     right: 37% !important;
 }

app/controllers/access_controller.rb

@@ -22,7 +22,7 @@ class AccessController < ApplicationController
     request = AccessRequest.create(user: current_user, map: @map)
     # what about push notification to map owner?
     mail = MapMailer.access_request_email(request, @map)
-    @map.user.notify(mail.subject, mail.body)
+    @map.user.notify(mail.subject, mail.body.parts[1].body.to_s)
 
     respond_to do |format|
       format.json do
@@ -40,7 +40,7 @@ class AccessController < ApplicationController
       # who we then send an email to
       user = User.find(user_id)
       mail = MapMailer.invite_to_edit_email(@map, current_user, User.find(user_id))
-      user.notify(mail.subject, mail.body)
+      user.notify(mail.subject, mail.body.parts[1].body.to_s)
     end
     @map.remove_old_collaborators(user_ids)
 

app/views/mailboxer/notification_mailer/new_notification_email.html.erb

@@ -4,7 +4,6 @@
     <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
   </head>
   <body>
-    <% binding.pry %>
+    <%= raw @notification.body %>
-    <%= raw @notification.body.parts[1].encoded %>
   </body>
 </html>

app/views/mailboxer/notification_mailer/new_notification_email.text.erb

@@ -1,2 +1 @@
-<% body = @notification.body.parts[0].encoded %>
+<%= @notification.body.html_safe? ? @notification.body : strip_tags(@notification.body) %>
-<%= body.html_safe? ? body : strip_tags(body) %>

app/views/notifications/index.html.erb

@@ -13,7 +13,7 @@
               <%= notification.subject %>
             </div>
             <div class="notification-body">
-              <%= notification.body.truncate(70) %>
+              <%= strip_tags(notification.body).truncate(70) %>
             </div>
           <% end %>
           <div class="notification-read-unread">

app/views/notifications/show.html.erb

@@ -4,7 +4,7 @@
 <div id="yield">
   <div class="centerContent notificationPage">
     <h2 class="title"><%= @notification.subject %></h4>
-    <%= @notification.body %>
+    <%= raw @notification.body %>
     <div class="back">
       <%= link_to 'Back', notifications_path %>
     </div>

config/brakeman.ignore

@@ -0,0 +1,24 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Cross Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "88694dca0bcc2226859746f9ed40cc682d6e5eaec1e73f2be557770a854ede0b",
+      "message": "Unescaped model attribute",
+      "file": "app/views/notifications/show.html.erb",
+      "line": 7,
+      "link": "http://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "current_user.mailbox.notifications.find_by(:id => params[:id]).body",
+      "render_path": [{"type":"controller","class":"NotificationsController","method":"show","line":24,"file":"app/controllers/notifications_controller.rb"}],
+      "location": {
+        "type": "template",
+        "template": "notifications/show"
+      },
+      "user_input": "current_user.mailbox.notifications",
+      "confidence": "Weak",
+      "note": ""
+    }
+  ],
+  "updated": "2016-11-29 13:01:34 -0500",
+  "brakeman_version": "3.4.0"
+}