Better ignore safe methods in XSS checks

lib/brakeman/checks/check_cross_site_scripting.rb

@@ -61,6 +61,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
       out = exp.value.first_arg
     end
 
+    return if call? out and ignore_call? out.target, out.method
+
     if input = has_immediate_user_input?(out)
       add_result exp
 

lib/brakeman/checks/check_link_to_href.rb

@@ -42,6 +42,7 @@ class Brakeman::CheckLinkToHref < Brakeman::CheckLinkTo
     #with something before the user input
     return if node_type?(url_arg, :string_interp) && !url_arg[1].chomp.empty?
 
+    return if call? url_arg and ignore_call? url_arg.target, url_arg.method
 
     if input = has_immediate_user_input?(url_arg)
       message = "Unsafe #{friendly_type_of input} in link_to href"