diff --git a/comments.php b/comments.php
index 817601120d..db332deb3f 100644
--- a/comments.php
+++ b/comments.php
@@ -13,7 +13,7 @@ include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
-echo $_GET['asdf'];
+echo isset($_GET['asdf']) ? htmlspecialchars($_GET['asdf'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';
 if (!$conf['activate_comments']) {