diff --git a/lib/brakeman/checks/check_cross_site_scripting.rb b/lib/brakeman/checks/check_cross_site_scripting.rb
index 005b020e6a340106c5d95fa6d7fb2a9197f6fa09..11466b788169efa02af81942157a202c07874894 100644
--- a/lib/brakeman/checks/check_cross_site_scripting.rb
+++ b/lib/brakeman/checks/check_cross_site_scripting.rb
@@ -31,7 +31,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 CGI = Sexp.new(:const, :CGI)
- FORM_BUILDER = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist))
+ FORM_BUILDER = Sexp.new(:call, Sexp.new(:const, :FormBuilder), :new, Sexp.new(:arglist))
 #Run check
 def run_check
@@ -58,8 +58,9 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 @known_dangerous << :strip_tags
 end
- matches = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
- json_escape_on = matches.detect {|result| true? result[-1].first_arg}
+ json_escape_on = false
+ initializers = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
+ initializers.each {|result| json_escape_on = true? (result[-1].first_arg) }
 if !json_escape_on or version_between? "0.0.0", "2.0.99"
 @known_dangerous << :to_json
@@ -107,7 +108,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 message = "Unescaped user input value"
 end
- warn :template => @current_template,
+ warn :template => @current_template,
 :warning_type => "Cross Site Scripting",
 :message => message,
 :code => input.match,
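Review bot: In the @@ -58 hunk the new `initializers.each` loop makes the last match win, so the final value of `json_escape_on` is only right if `check_initializers` returns results in the order Rails applies initializers (alphabetical by file name, which the `set_`/`unset_` fixture pair happens to satisfy); nothing in the hunk states or checks that ordering, and the first-match `detect` it replaces was wrong in the opposite direction. A comment on the loop such as `# last assignment wins; relies on check_initializers returning initializers in Rails load order (alphabetical by file name)` would make the dependency explicit for the next reader. Note that an assignment whose argument is not a literal `true` leaves `json_escape_on` false, which keeps `:to_json` in `@known_dangerous` — the fail-safe direction for a security check. Style: `true? (result[-1].first_arg)` with a space before the parenthesis is the form Ruby warns about; `true?(result[-1].first_arg)` reads the same without the warning. run_check continues outside the hunk.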
@@ -128,13 +129,13 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 message = "Unescaped model attribute"
 link_path = "cross_site_scripting"
 if node_type?(out, :call, :attrasgn) && out.method == :to_json
- message += " in JSON hash"
+ message += " in JSON hash"
 link_path += "_to_json"
 end
 code = find_chain out, match
 warn :template => @current_template,
- :warning_type => "Cross Site Scripting",
+ :warning_type => "Cross Site Scripting",
 :message => message,
 :code => code,
 :confidence => confidence,
@@ -203,7 +204,7 @@ class Brakeman::CheckCrossSiteScripting < Brakeman::BaseCheck
 end
 warn :template => @current_template,
- :warning_type => "Cross Site Scripting",
+ :warning_type => "Cross Site Scripting",
 :message => message,
 :code => exp,
 :user_input => @matched.match,
diff --git a/test/apps/rails3.1/app/views/users/json_test.html.erb b/test/apps/rails3.1/app/views/users/json_test.html.erb
new file mode 100644
index 0000000000000000000000000000000000000000..166ffb7c5a803548f31eeb8ad1b2231e44e33f5f
--- /dev/null
+++ b/test/apps/rails3.1/app/views/users/json_test.html.erb
@@ -0,0 +1 @@
+<%= raw({:donkey => params[:donkey]}.to_json) %>
\ No newline at end of file
diff --git a/test/apps/rails3.1/config/initializers/set_escape_json.rb b/test/apps/rails3.1/config/initializers/set_escape_json.rb
new file mode 100644
index 0000000000000000000000000000000000000000..18bd6cd3681b07a4f675167c45cf7ecaab84eda0
--- /dev/null
+++ b/test/apps/rails3.1/config/initializers/set_escape_json.rb
@@ -0,0 +1,2 @@
+# this value will be overwritten in unset_escape_json.rb
+ActiveSupport.escape_html_entities_in_json = true
diff --git a/test/apps/rails3.1/config/initializers/unset_escape_json.rb b/test/apps/rails3.1/config/initializers/unset_escape_json.rb
new file mode 100644
index 0000000000000000000000000000000000000000..327f162364e2cf4084f92e3bdf892453f972af49
--- /dev/null
+++ b/test/apps/rails3.1/config/initializers/unset_escape_json.rb
@@ -0,0 +1,2 @@
+# this overwrites the value set in set_escape_json
+ActiveSupport.escape_html_entities_in_json = false
\ No newline at end of file
diff --git a/test/tests/test_rails31.rb b/test/tests/test_rails31.rb
index ee8e40e675edb01eb91d0b8814c1e9e1c108c8a6..74fd7e16c3fef0e1dec81fae824068c58edb8520 100644
--- a/test/tests/test_rails31.rb
+++ b/test/tests/test_rails31.rb
@@ -13,7 +13,7 @@ class Rails31Tests < Test::Unit::TestCase
 def expected
 @expected ||= {
 :model => 0,
- :template => 15,
+ :template => 16,
 :controller => 1,
 :warning => 48 }
 end
@@ -604,4 +604,13 @@ class Rails31Tests < Test::Unit::TestCase
 :confidence => 0,
 :file => /Gemfile/
 end
+
+ def test_to_json_with_overwritten_config
+ assert_warning :type => :template,
+ :warning_type => "Cross Site Scripting",
+ :message => /^Unescaped parameter value in JSON hash/,
+ :confidence => 0,
+ :line => 1,
+ :file => /json_test\.html\.erb/
+ end
 end
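Review bot: test_to_json_with_overwritten_config only pins the case where the last initializer turns `escape_html_entities_in_json` off; there is no companion assertion that the "in JSON hash" warning stays absent when the final assignment is `true`, so a check that treated any `false` assignment as decisive regardless of order would still pass this suite. A negative assertion with the same `:warning_type` and `:message` pattern (the suite's `assert_no_warning` helper, if it is available here) against a fixture whose last initializer sets `true` would close that gap; that fixture would need its own test app or initializer ordering, which is outside this diff. Minor: `:message => /^Unescaped parameter value in JSON hash/` anchors per line with `^`; `\A` is the conventional start-of-string anchor, though it makes no difference for a one-line message.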