Which code in a Visualforce page and/or controller might present a security vulnerability?

Which code in a Visualforce page and/or controller might present a security vulnerability?
A . <apex:outputField value="{!ctrl.userInput}" />
B . <apex:outputText escape="false" value=" {!$CurrentPage.parameters.userInput}" />
C . <apex:outputText value="{!£CurrentPage.parameters.userInput}" />
D . <apex:outputField escape="false" value="{!ctrl.userInput}" />

View Answer

Answer: B