diff --git a/test/apps/rails3/app/views/home/test_content_tag.html.erb b/test/apps/rails3/app/views/home/test_content_tag.html.erb
new file mode 100644
index 0000000000000000000000000000000000000000..282dbe420617f1f5807972ca3d6cdb34bf62fe5e
--- /dev/null
+++ b/test/apps/rails3/app/views/home/test_content_tag.html.erb
@@ -0,0 +1,35 @@
+Should not warn
+<%= content_tag :p, h(params[:something]) %>
+
+Should not warn
+<%= content_tag :span, @user.name %>
+
+Should warn
+<%= content_tag :span, raw(params[:blah]) %>
+
+Should not warn
+<%= content_tag :div, "Blah!", { :class => params[:class] }, true %>
+
+Should warn
+<%= content_tag :div, "Blah!", { cookies[:weird] => "bad idea" } %>
+
+Should not warn
+<%= content_tag :h1, params[:x] == 1 ? "totally" : "safe" %>
+
+Should still warn
+<%= content_tag :div, "Blah!", { @user.something => "bad idea"}, true %>
+
+Should not warn
+<%= content_tag :div, "Blah!", { :class => params[:class] } %>
+
+Should warn
+<%= content_tag :div, "Blah!", { :id => @user.name }, false %>
+
+Should not warn
+<%= content_tag :div, x(params[:maybe_bad]) %>
+
+Should warn
+<%= content_tag params[:whyyy], "Don't do this" %>
+
+Should warn
+<%= content_tag @user.preferred_markup, "Seriously" %>
diff --git a/test/tests/test_rails3.rb b/test/tests/test_rails3.rb
index 990308b8ad6236cfaa6ee00d76ed3e62b2cc97b4..f0f64045c43f2cbb8969fec2a73394052f55ab85 100644
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -14,7 +14,7 @@ class Rails3Tests < Test::Unit::TestCase
 @expected ||= {
 :controller => 1,
 :model => 5,
- :template => 27,
+ :template => 29,
 :warning => 29
 }
 end
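Review bot: The "Should not warn" cases in this fixture — `<%= content_tag :div, x(params[:maybe_bad]) %>` at line 29 and the two `:class => params[:class]` variants at lines 11 and 23 — are not backed by any negative assertion in this commit; a false positive on them would surface only as a mismatch against the `:template => 29` total in test_rails3.rb, not as a failure pointing at the line. If the suite's helper exposes a negative counterpart to `assert_warning` (Brakeman's tests appear to use `assert_no_warning` elsewhere), one per "Should not warn" line would make the fixture self-checking. The label on line 28 should also say why an unknown helper wrapping a parameter is expected to be safe, since that is the least obvious expectation here — e.g. `Should not warn (content_tag escapes its content argument unless raw/html_safe)`, assuming that is the rule the check implements.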
@@ -622,6 +622,24 @@ class Rails3Tests < Test::Unit::TestCase
 :file => /test_content_tag\.html\.erb/
 end
 
+ def test_xss_content_tag_in_tag_name
+ assert_warning :type => :template,
+ :warning_type => "Cross Site Scripting",
+ :line => 32,
+ :message => /^Unescaped\ parameter\ value\ in\ content_tag/,
+ :confidence => 0,
+ :file => /test_content_tag\.html\.erb/
+ end
+
+ def test_cross_site_scripting_model_in_tag_name
+ assert_warning :type => :template,
+ :warning_type => "Cross Site Scripting",
+ :line => 35,
+ :message => /^Unescaped\ model\ attribute\ in\ content_tag/,
+ :confidence => 0,
+ :file => /test_content_tag\.html\.erb/
+ end
+
 def test_cross_site_scripting_request_parameters
 assert_warning :type => :template,
 :warning_type => "Cross Site Scripting",
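Review bot: The two new test names follow different conventions: `test_xss_content_tag_in_tag_name` uses `xss` while its sibling `test_cross_site_scripting_model_in_tag_name` and the surrounding tests (`test_cross_site_scripting_request_parameters`) spell out `cross_site_scripting`; renaming it `test_cross_site_scripting_parameter_in_tag_name` keeps the suite greppable by warning type and makes the parameter/model pairing explicit. The `\ ` escapes in both `:message` regexes are redundant outside extended mode and read like generator output — `/^Unescaped parameter value in content_tag/` matches identically. Both tests pin `:line => 32` and `:line => 35` of the fixture, so any later insertion above those lines in test_content_tag.html.erb silently breaks them; a one-line comment on each, e.g. `# tag name taken from params[:whyyy]`, ties the number to the case it targets. The enclosing Rails3Tests class starts and ends outside this hunk.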