# File lib/brakeman/checks/check_content_tag.rb, line 159
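  # Emits a Cross-Site Scripting warning for CVE-2016-6316 (content_tag does
  # not escape double quotes in attribute values) and tells the user which
  # release to upgrade to.
  #
  # Nothing is reported when cve_2016_6316? is false, or when no fix version
  # can be chosen (the version is outside the listed ranges and neither the
  # :rails3 nor the :rails4 option applies).
  #
  # Confidence is :high when @content_tags is non-empty (presumably the
  # content_tag calls found in the scanned app - confirm against the code
  # that populates it) and :medium otherwise.
  def check_cve_2016_6316
    return unless cve_2016_6316?

    confidence = @content_tags.any? ? :high : :medium

    # Pick the patched release for the detected branch. When the exact
    # version is unknown, fall back to the major-version scan options.
    fix_version = case
                  when version_between?("3.0.0", "3.2.22.3")
                    "3.2.22.4"
                  when version_between?("4.0.0", "4.2.7.0")
                    "4.2.7.1"
                  when version_between?("5.0.0", "5.0.0")
                    "5.0.0.1"
                  when version.nil? && tracker.options[:rails3]
                    "3.2.22.4"
                  when version.nil? && tracker.options[:rails4]
                    # Same patched release as the known-version 4.x branch
                    # above. This previously read "4.2.7.2", which disagrees
                    # with that branch and would send users to a different
                    # target for the same fix.
                    "4.2.7.1"
                  else
                    return
                  end

    message = msg(
      msg_version(rails_version),
      " ",
      msg_code("content_tag"),
      " does not escape double quotes in attribute values ",
      msg_cve("CVE-2016-6316"),
      ". Upgrade to ",
      msg_version(fix_version)
    )

    warn :warning_type => "Cross-Site Scripting",
      :warning_code => :CVE_2016_6316,
      :message => message,
      :confidence => confidence,
      :gem_info => gemfile_or_environment,
      :link_path => "https://groups.google.com/d/msg/ruby-security-ann/8B2iV2tPRSE/JkjCJkSoCgAJ"
  end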