From 752f195d12b0b24c5b64df7edfbf695657a166f5 Mon Sep 17 00:00:00 2001 From: Justin Collins Date: Sun, 8 Sep 2013 21:04:59 -0700 Subject: [PATCH] Assume `to_json` to be safe in Rails 4 --- lib/brakeman/checks/check_cross_site_scripting.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb index fa64dec2..aab408d4 100644 --- a/lib/brakeman/checks/check_cross_site_scripting.rb +++ b/lib/brakeman/checks/check_cross_site_scripting.rb @@ -66,6 +66,8 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck true? tracker.config[:rails][:active_support][:escape_html_entities_in_json] json_escape_on = true + elsif version_between? "4.0.0", "5.0.0" + json_escape_on = true end if !json_escape_on or version_between? "0.0.0", "2.0.99" -- GitLab
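Review bot: The new `elsif version_between? "4.0.0", "5.0.0"` branch assumes the Rails 4 default without checking whether the application has turned it off: `config.active_support.escape_html_entities_in_json = false` is still honored in Rails 4, and because the preceding branch only tests for an explicit `true`, an app that sets it to `false` falls through into the new branch and `to_json` output is treated as escaped, which hides real XSS. Guard the assumption on the config value, e.g. `elsif version_between?("4.0.0", "5.0.0") and not (tracker.config[:rails][:active_support] and false? tracker.config[:rails][:active_support][:escape_html_entities_in_json])`, assuming a `false?` helper exists alongside the `true?` already used here; otherwise compare the value against `false` directly. The `"5.0.0"` upper bound also depends on whether `version_between?` is inclusive; if it is, a future 5.0.0 would be matched by this branch as well. The enclosing method and the `if`/`elsif` chain begin before the hunk, so the guard that makes `tracker.config[:rails][:active_support]` non-nil for the `true?` line is not visible here.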