lib/brakeman/processors/template_alias_processor.rb in brakeman-5.0.0.pre1 vs lib/brakeman/processors/template_alias_processor.rb in brakeman-5.0.0
- old
+ new
@@ -18,9 +18,14 @@
@called_from = called_from
end
#Process template
def process_template name, args, _, line = nil
+ # Strip forward slash from beginning of template path.
+ # This also happens in RenderHelper#process_template but
+ # we need it here too to accurately avoid circular renders below.
+ name = name.to_s.gsub(/^\//, "")
+
if @called_from
if @called_from.include_template? name
Brakeman.debug "Skipping circular render from #{@template.name} to #{name}"
return
end
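Review bot: The added `name = name.to_s.gsub(/^\//, "")` anchors with `^`, which in Ruby matches at the start of every line rather than the start of the string, so combined with `gsub` a name containing a newline would lose slashes mid-string. The circular-render guard just below relies on this value matching what `@called_from.include_template?` has recorded, so the string-start form `name = name.to_s.sub(/\A\//, "")` states the intent more exactly. The comment says the same stripping happens in RenderHelper#process_template, which is not visible here; the two should stay identical, ideally by calling one shared helper, or the skip check can miss a cycle. `name` is also a String from this line on, and the rest of process_template lies outside the hunk, so confirm that nothing later depends on the type originally passed in.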