This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.
This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.
Malicious users may poison a frame allowing them to conduct phishing attacks.
Your script should filter metacharacters from user input.
Cross Frame Scripting