# File lib/brakeman/checks/check_link_to_href.rb, line 32
  def process_result result
    #Have to make a copy of this, otherwise it will be changed to
    #an ignored method call by the code above.
    call = result[:call] = result[:call].dup
    @matched = false
    url_arg = process call.second_arg

    if check_argument? url_arg
      url_arg = url_arg.first_arg
    end

    return if call? url_arg and ignore_call? url_arg.target, url_arg.method

    if input = has_immediate_user_input?(url_arg)
      message = msg("Unsafe ", msg_input(input), " in ", msg_code("link_to"), " href")

      unless duplicate? result or call_on_params? url_arg or ignore_interpolation? url_arg, input.match
        add_result result
        warn :result => result,
          :warning_type => "Cross-Site Scripting",
          :warning_code => :xss_link_to_href,
          :message => message,
          :user_input => input,
          :confidence => :high,
          :link_path => "link_to_href"
      end
    elsif not tracker.options[:ignore_model_output] and input = has_immediate_model?(url_arg)
      return if ignore_model_call? url_arg, input or duplicate? result
      add_result result

      message = msg("Potentially unsafe model attribute in ", msg_code("link_to"), " href")

      warn :result => result,
        :warning_type => "Cross-Site Scripting",
        :warning_code => :xss_link_to_href,
        :message => message,
        :user_input => input,
        :confidence => :weak,
        :link_path => "link_to_href"
    end
  end