Ruby on Rails Mysterious Javascript Alert box with cookie information

I have a problem in a Ruby on Rails app that I am working on. I have been working on the app for months and I have never had this problem before, and after a bit of Google searching I think that somehow someone is trying to steal cookies with JavaScript.

When I click on the link I get an alert box titled "the page at www.napkinboard.com says:" and contains the following message:

__utmz=217223433.1270652009.59.3.utmcsr=localhost:3000|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=217223433.2133018314.1265749085.1271097412.1271125626.63; __utmc=217223433; __utmb=217223433.11.10.1271125626

I checked the database and all data associated with this 'food_item' looks completely normal and does not contain any javascript at all.

How did this suddenly happen and how can I stop it? I appreciate any help. Thanks.

EDIT: Can't believe I forgot the URL: http://www.napkinboard.com/food_items/413


It sounds like you've found a link that exploits an XSS vulnerability using the query string.

Make sure to properly escape all of your output.
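
What escaping output means for a value reflected from the query string, as an added example that is not part of the original answer. It uses Ruby's standard-library ERB rather than a Rails view; the templates, the parameter names `note` and `q`, and the sample values are constructed for illustration.

```ruby
require 'erb'

# Constructed sample values standing in for query-string parameters
# carried by a crafted link (hypothetical parameter names: note, q).
SCRIPT_VALUE = '<script>alert(document.cookie)</script>'
ATTR_VALUE   = 'x" onmouseover="alert(1)'

# Before: the value is written into the HTML unchanged, so the browser
# parses it as markup and the script runs with access to the site's cookies.
UNSAFE_BODY = '<p>Note: <%= note %></p>'

# After: the value is HTML-escaped at the point of output.
SAFE_BODY = '<p>Note: <%= ERB::Util.html_escape(note) %></p>'

# The same rule applies inside an attribute: html_escape also encodes
# double and single quotes, so the value cannot close the attribute.
SAFE_ATTR = '<input name="q" value="<%= ERB::Util.html_escape(q) %>">'

# Render a template with the given local variables.
def render(template, vars)
  ERB.new(template).result_with_hash(vars)
end

# Defensive check for a test suite: true if the untrusted value appears
# verbatim (unescaped) in the rendered page.
def reflected_raw?(html, value)
  html.include?(value)
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render(UNSAFE_BODY, note: SCRIPT_VALUE)
  safe   = render(SAFE_BODY, note: SCRIPT_VALUE)
  attr   = render(SAFE_ATTR, q: ATTR_VALUE)

  puts "unescaped: #{unsafe}"
  puts "escaped:   #{safe}"
  puts "attribute: #{attr}"
  puts "raw reflection in unescaped page? #{reflected_raw?(unsafe, SCRIPT_VALUE)}"
  puts "raw reflection in escaped page?   #{reflected_raw?(safe, SCRIPT_VALUE)}"
end
```

Rails 3 and later escape `<%= %>` output in views by default, and `raw` or `html_safe` switch that off for a given value; earlier versions need an explicit `h(...)` around every value that originates from a request.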


Load up Firefox and Firebug, and see what the JavaScript and network stack trace show. That should give you an idea of where it's coming from, etc.
