# File lib/brakeman/checks/check_cross_site_scripting.rb, line 161
  # Handles a call node for the cross-site scripting check and returns +exp+
  # unchanged.
  #
  # @mark tells the outermost invocation apart from invocations made while one
  # is already in progress (presumably nested calls reached through
  # actually_process_call; confirm against that method). Only the outermost
  # invocation reports, so one expression yields at most one warning here.
  def process_call exp
    # Already inside an outer invocation: scan only, the outer one reports.
    if @mark
      actually_process_call exp
      return exp
    end

    # NOTE(review): there is no ensure around this section, so if
    # actually_process_call raises, @mark stays true and @matched keeps its
    # value for whatever is processed next.
    @mark = true
    actually_process_call exp

    if @matched
      # NOTE(review): the guard tests only that @matched.type is truthy, not
      # that it names a model. If every match carries a type, setting
      # :ignore_model_output silences all findings from this method, including
      # request-derived input. Confirm that is the intended scope.
      suppressed = @matched.type && tracker.options[:ignore_model_output]
      message = suppressed ? nil : msg("Unescaped ", msg_input(@matched))

      if message && !duplicate?(exp)
        add_result exp

        called = exp.method
        warning_code = :cross_site_scripting
        link_path = "cross_site_scripting"

        # Methods listed in @known_dangerous are reported with high
        # confidence; any other method carrying matched input is weak.
        confidence = @known_dangerous.include?(called) ? :high : :weak

        # to_json gets its own warning code and documentation link so it can
        # be triaged separately from the generic finding.
        if confidence == :high && called == :to_json
          message << msg_plain(" in JSON hash")
          link_path += "_to_json"
          warning_code = :xss_to_json
        end

        warn template: @current_template,
          warning_type: "Cross-Site Scripting",
          warning_code: warning_code,
          message: message,
          code: exp,
          user_input: @matched,
          confidence: confidence,
          link_path: link_path
      end
    end

    # Clear per-expression state so the next outermost call starts clean.
    @matched = false
    @mark = false

    exp
  end