Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.