The search form in Tiki Wiki is vulnerable to
cross-site scripting attempts. tiki-searchresults.php
needs to be modified to make sure that the search
request is clean of HTML. I would suggest setting a
variable at the top of the page equal to
strip_tags($_REQUEST["words"]) and just use that
variable everywhere. This makes things a bit cleaner as
you only have to worry about strip_tags once.