See: Cross-Site Scripting (XSS)
These are very basic XSS examples.
cgilua.htmlheader() cgilua.put(cgilua.QUERY.name) cgilua.put(cgilua.POST.name)