diff --git a/test/apps/rails3/app/controllers/application_controller.rb b/test/apps/rails3/app/controllers/application_controller.rb
index a4d31009405a3ff635f9ffd5825f8cf653eb89c0..be4f9e8864572848b8e9aa7ebd01303bd795ff5b 100644
--- a/test/apps/rails3/app/controllers/application_controller.rb
+++ b/test/apps/rails3/app/controllers/application_controller.rb
@@ -1,3 +1,4 @@
 class ApplicationController < ActionController::Base
 # protect_from_forgery
+ before_filter :action_in_parent, :only => :action_in_child
 end
diff --git a/test/apps/rails3/app/controllers/base_thing.rb b/test/apps/rails3/app/controllers/base_thing.rb
new file mode 100644
index 0000000000000000000000000000000000000000..04d768b7d54b071295fcbe421e6a37346b753b4e
--- /dev/null
+++ b/test/apps/rails3/app/controllers/base_thing.rb
@@ -0,0 +1,5 @@
+class BaseThing < ApplicationController
+ def action_in_parent
+ @from_parent = params[:horrible_thing]
+ end
+end
diff --git a/test/apps/rails3/app/controllers/child_controller.rb b/test/apps/rails3/app/controllers/child_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..79890d55af6d0f05530a397b6bac1f99ef47910e
--- /dev/null
+++ b/test/apps/rails3/app/controllers/child_controller.rb
@@ -0,0 +1,5 @@
+class ChildController < BaseThing
+ def action_in_child
+ #Should get @from_parent here
+ end
+end
diff --git a/test/apps/rails3/app/views/child/action_in_child.html.erb b/test/apps/rails3/app/views/child/action_in_child.html.erb
new file mode 100644
index 0000000000000000000000000000000000000000..c7444b2dd7545ecb5a32273cbc496363b1656364
--- /dev/null
+++ b/test/apps/rails3/app/views/child/action_in_child.html.erb
@@ -0,0 +1 @@
+<%= raw @from_parent %>
diff --git a/test/tests/test_rails3.rb b/test/tests/test_rails3.rb
index 543fbe66d1cadf82c8466e337d79579648d61a16..6a7296169cdf275cc91012fd91c9dd3ccc712da0 100644
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
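Review bot: The added `before_filter :action_in_parent, :only => :action_in_child` is declared on ApplicationController, but `action_in_parent` is defined only in BaseThing (a subclass, in the base_thing.rb hunk), so any controller outside that branch that defines an `action_in_child` action would raise NoMethodError when the filter runs. If the split is deliberate — presumably so the scanner has to resolve a filter declared in a grandparent against a method defined in the parent — a comment on the filter line would keep a later cleanup from moving it, e.g. `# Declared here, defined in BaseThing: exercises filter lookup across the inheritance chain`. Otherwise declaring the filter in BaseThing next to the method removes the coupling.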
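Review bot: `@from_parent = params[:horrible_thing]` is the deliberately untrusted value that `<%= raw @from_parent %>` in the action_in_child.html.erb hunk renders, but nothing in base_thing.rb says so, and child_controller.rb only says `#Should get @from_parent here`. A comment on the assignment tying the two together, e.g. `# Unsanitized param; rendered with raw in child/action_in_child.html.erb, expected XSS warning`, documents the fixture's purpose for whoever next touches the test app. The `#Should get @from_parent here` comment in child_controller.rb also wants a space after `#` to match the file's Ruby convention.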
@@ -14,7 +14,7 @@ class Rails3Tests < Test::Unit::TestCase
 @expected ||= {
 :controller => 1,
 :model => 8,
- :template => 37,
+ :template => 38,
 :warning => 54
 }
@@ -848,6 +848,17 @@ class Rails3Tests < Test::Unit::TestCase
 :file => /so_nested\.html\.erb/
 end
 
+ def test_cross_site_scripting_from_parent
+ assert_warning :type => :template,
+ :warning_code => 2,
+ :fingerprint => "1e860da2c9a0cac3d898f3c4327877b3bdfa391048a19bfd6f55d6e283cc5b33",
+ :warning_type => "Cross Site Scripting",
+ :line => 1,
+ :message => /^Unescaped\ parameter\ value/,
+ :confidence => 0,
+ :relative_path => "app/views/child/action_in_child.html.erb"
+ end
+
 def test_cross_site_scripting_select_tag_CVE_2012_3463
 assert_warning :type => :template,
 :warning_type => "Cross Site Scripting",
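Review bot: test_cross_site_scripting_from_parent pins a fingerprint and `:line => 1` but nothing explains what distinguishes it from the existing template XSS tests, namely that the instance variable is assigned by a before_filter declared in ApplicationController and implemented in BaseThing, two levels above ChildController. A one-line comment above the `def`, e.g. `# @from_parent is set by a before_filter declared in a grandparent controller and defined in the parent`, would tell a reader which scanner behavior a future failure points at. The `:template => 37` to `38` bump in the first hunk appears to be the matching expected-count change for this new warning.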