As I am revamping the code for The Lyrics Archive, I must remember that I should do more validation. For more information read Security Best Practice: Validating Browser Input. "An underlying problem with many web applications is that they dynamically generate HTML pages containing non-validated browser input. If browser-submitted Cookie, URL and Form variables are not validated, malicious users can potentially embed web browser-executed scripts within the input. If a server-side script then re-displays this non-validated input, the script runs on the browser as though the trusted site generated it." See also: the Allaire Security Bulletin (ASB00-05) Cross-Site Scripting Vulnerability and Tutorial 8: The guide to ColdFusion error handling at CFvault.com.