Slim: add the actual escaped value to output

not the escaping call
webshell520 · Aug 31, 2016 · 2e2c7a6 · 2e2c7a6
1 parent be7d16d
commit 2e2c7a6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/brakeman/processors/slim_template_processor.rb b/lib/brakeman/processors/slim_template_processor.rb
@@ -16,7 +16,7 @@ def process_call exp
       arg = normalize_output(exp.first_arg)
 
       if is_escaped? arg
-        add_escaped_output arg
+        add_escaped_output arg.first_arg
       elsif string? arg
         ignore
       elsif render? arg