because sometimes that row gets modified and subsequent
calls to Warning#to_row will return the modified version
thereby breaking things.

instead of when reporting, which lead to confusion
and filtering all over the place instead of in one place.

fixes #47

Catch raw hrefs as bad, warn unless wrapped in a "safe" method

Avoid some processing by checking for duplicates first

Add concept of a safe-ening method to mark hrefs as safe

Feature:
Warn when using unsafe hrefs.  This is a very specific case that as of now produces a ton of noise.  This came out of an xss vuln where the value was escaped but still vulnerable.

    link_to 'asdf', h(@scary)

where

    @scary = 'javascript:alert(1)'

or

    @scary = 'data:  # http://palpapers.plynt.com/issues/2010Oct/bypass-xss-filters/

This branch accomplishes slightly intelligent warnings by adding a new command line option to declare methods that make a string URL safe (unless there is already a standard one out there).  e.g.:

    $ brakeman . --url-safe-methods ensure_valid_protocol!

    link_to 'asdf', ensure_valid_protocol!(@scary, :javascript)

[ci skip]

this is the real cutoff for 1.3.0

[ci skip]

closes #44

to attempt to avoid stuff blowing up ridiculously
which should help #36

in partial completion of #39

which appears to fix #36

so we get less "1 or 2 or 1 or 1 or 2" kind of stuff

so we don't get "1 or 2 or 1 or 1 or1" kind of stuff

closes #41

fixes #42