diff --git a/password.php b/password.php
index c0a289ec07..27ffce3616 100644
--- a/password.php
+++ b/password.php
@@ -20,7 +20,7 @@
 
 check_status(ACCESS_FREE);
 
-echo $_GET['asdf'];
+echo isset($_GET['asdf']) ? htmlspecialchars($_GET['asdf'], ENT_QUOTES, 'UTF-8') : '';
 
 trigger_notify('loc_begin_password');