# File lib/brakeman/checks/check_cross_site_scripting.rb, line 283
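  # Prepares the state used by the cross-site scripting check, based on the
  # scanned application's options, Rails version and gem versions.
  #
  # Sets:
  # * @ignore_methods    - method names this check skips, plus any names the
  #                        user supplied through the :safe_methods option.
  # * @models            - names of the models known to the tracker.
  # * @inspect_arguments - value of the :check_arguments option.
  # * @known_dangerous   - method names treated as dangerous for the scanned
  #                        application's versions.
  #
  # Also appends :to_json to @safe_input_attributes when JSON escaping is on;
  # that set is not created here and must already exist.
  def setup
    # NOTE(review): :field_field does not look like a Rails helper name; it may
    # have been meant as :file_field. Confirm before changing it, because every
    # name in this set suppresses warnings for that call.
    # Names from :safe_methods are merged in as-is, so a wrong entry in that
    # option silently hides findings.
    @ignore_methods = Set[:==, :!=, :button_to, :check_box, :content_tag, :escapeHTML, :escape_once,
                           :field_field, :fields_for, :h, :hidden_field,
                           :hidden_field_tag, :image_tag, :label,
                           :link_to, :mail_to, :radio_button, :select,
                           :submit_tag, :text_area, :text_field,
                           :text_field_tag, :url_encode, :u, :url_for,
                           :will_paginate].merge tracker.options[:safe_methods]

    @models = tracker.models.keys
    @inspect_arguments = tracker.options[:check_arguments]

    @known_dangerous = Set[:truncate, :concat]

    # auto_link is dangerous on Rails 2.0.0-3.0.5 and skipped on 3.0.6-3.0.99.
    # Outside both ranges it is in neither set.
    if version_between?("2.0.0", "3.0.5")
      @known_dangerous << :auto_link
    elsif version_between?("3.0.6", "3.0.99")
      @ignore_methods << :auto_link
    end

    # The gem name must be one literal. Adjacent string literals concatenate in
    # Ruby, so a doubled literal would query a gem that never exists and the
    # strip_tags and sanitize rules below would silently never fire.
    sanitizer_gem = 'rails-html-sanitizer'

    if version_between?("2.0.0", "2.3.14") || tracker.config.gem_version(sanitizer_gem) == '1.0.2'
      @known_dangerous << :strip_tags
    end

    # The three-argument form compares the gem's version instead of the
    # default version.
    if tracker.config.has_gem?(sanitizer_gem) &&
       version_between?("1.0.0", "1.0.2", tracker.config.gem_version(sanitizer_gem))

      @known_dangerous << :sanitize
    end

    # Work out whether to_json output is HTML-escaped automatically.
    # If several initializers assign the setting, the last one iterated wins.
    json_escape_on = false
    initializers = tracker.check_initializers :ActiveSupport, :escape_html_entities_in_json=
    initializers.each { |result| json_escape_on = true?(result.call.first_arg) }

    # The application config, or any Rails version in 4.0.0-9.9.9, overrides
    # whatever the initializers said.
    if tracker.config.escape_html_entities_in_json? || version_between?("4.0.0", "9.9.9")
      json_escape_on = true
    end

    # Rails up to 2.0.99 is always treated as unescaped, whatever the settings.
    if !json_escape_on || version_between?("0.0.0", "2.0.99")
      @known_dangerous << :to_json
      Brakeman.debug("Automatic to_json escaping not enabled, consider to_json dangerous")
    else
      @safe_input_attributes << :to_json
      Brakeman.debug("Automatic to_json escaping is enabled.")
    end
  end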