Cfexecute argument injection prevention

Hi to all, I’m in the need to pass an URL as an argument to cfexecute and the URL will be set by anoynmous user inputs. Because of that I need to sanitize/check that URL to prevent any malicious CMD injections. I know SQL-injection-prevention with cfqueryparam, but is there any similar way to do that with cfexecute arguments? Would the function IsValid(“url”, userinput.url) be sufficient in that case? What else should I consider? Thanks in advance for any tips!

You can do some type checking on the URL variables with cfparam

https://docs.lucee.org/reference/tags/param.html

Going to look into this. Thanks for the tip!