Marc Mauger simianarmy

## rails_xss_gsub_crash
str = ActiveSupport::SafeBuffer.new "&lt;script&gt;alert&lt;/script&gt;"
CGI::unescapeHTML str
=>TypeError: can't dup NilClass
from /Users/marcm/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/cgi.rb:371:in `dup'

UnescapeHTML chokes b/c $1 = nil on line 371:

   369    def CGI::unescapeHTML(string)
   370      string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/n) do
=> 371        match = $1.dup

## Questions
Day job: Web developer
What is your language of choice: Ruby
Open Source contributions: mogli, cocos2d-javascript
How do you use GitHub: Private repos for work projects, public ones for everything else.  Used with Capistrano deploys locally & for EngineYard deployment
	str = ActiveSupport::SafeBuffer.new "<script>alert</script>"
	CGI::unescapeHTML str
	=>TypeError: can't dup NilClass
	from /Users/marcm/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/cgi.rb:371:in `dup'

	UnescapeHTML chokes b/c $1 = nil on line 371:

	369 def CGI::unescapeHTML(string)
	370 string.gsub(/&(amp\|quot\|gt\|lt\|\#[0-9]+\|\#x[0-9A-Fa-f]+);/n) do
	=> 371 match = $1.dup
	Day job: Web developer
	What is your language of choice: Ruby
	Open Source contributions: mogli, cocos2d-javascript
	How do you use GitHub: Private repos for work projects, public ones for everything else. Used with Capistrano deploys locally & for EngineYard deployment