class Brakeman::CheckCrossSiteScripting
def process_escaped_output exp
Look for calls to raw()
def process_escaped_output exp
  unless check_for_immediate_xss exp
    if not duplicate? exp
      if raw_call? exp
        # raw(x): examine the argument passed to raw
        process exp.value.first_arg
      elsif html_safe_call? exp
        # x.html_safe: examine the receiver of html_safe
        process exp.value.target
      end
    end
  end
  exp
end
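A simplified sketch of the idea behind this check, added here as an example and not Brakeman's own code: it uses Ruby's standard Ripper parser instead of Brakeman's Sexp processor and runs over constructed ERB lines. Treating any mention of `params` as user input is an assumption, and the names `idents`, `ident?`, `bypasses` and `scan` are hypothetical.

```ruby
require 'ripper'

# Constructed ERB template lines (sample input, not from Brakeman's test suite).
TEMPLATE = <<~ERB
  <p><%= @user.name %></p>
  <p><%= raw(params[:bio]) %></p>
  <p><%= raw "<b>static</b>" %></p>
  <p><%= params[:title].html_safe %></p>
ERB

# Names of every identifier under a Ripper node, e.g. ["params", "bio"].
def idents(node)
  return [] unless node.is_a?(Array)
  return [node[1]] if node[0] == :@ident
  node.flat_map { |child| idents(child) }
end

def ident?(node, name)
  node.is_a?(Array) && node[0] == :@ident && node[1] == name
end

# Walk the tree and return [kind, subtree] for each escaping bypass:
# raw(x) / raw x yields the argument, x.html_safe yields the receiver.
def bypasses(node)
  return [] unless node.is_a?(Array)
  found = []
  case node[0]
  when :method_add_arg
    found << [:raw, node[2]] if node[1].is_a?(Array) && node[1][0] == :fcall && ident?(node[1][1], 'raw')
  when :command
    found << [:raw, node[2]] if ident?(node[1], 'raw')
  when :call
    found << [:html_safe, node[1]] if ident?(node[3], 'html_safe')
  end
  found + node.flat_map { |child| bypasses(child) }
end

# Scan each <%= ... %> output tag; flag bypasses whose subtree mentions params
# (assumption: `params` stands in for real taint tracking).
def scan(template)
  template.scan(/<%=(.*?)%>/).flatten.flat_map do |code|
    bypasses(Ripper.sexp(code)).map do |kind, subtree|
      { code: code.strip, via: kind, user_input: idents(subtree).include?('params') }
    end
  end
end

scan(TEMPLATE).each { |finding| puts finding }
```

The plain `<%= @user.name %>` tag produces no finding because normal output is escaped; only the `raw` and `html_safe` forms are reported, and the static string passed to `raw` is reported without the user-input flag.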