Duplicate of:
This is a security question.
What should I look for in a URL that prevents hacking?
Is there a way to execute javascript by passing it inside a URL?
As you can see I'm pretty new to this concept.
Any good posts on this stuff?
I believe the right answer is "it depends".
As others have pointed out, if the web application that is processing your request is naively receiving and echoing back the received payload or URL parameters (for GET requests) then it might be subject to code injection.
However, if the web application sanitizes and/or filters payload/parameters, it shouldn't be a problem.
It also depends on the user agent (e.g. browser); a customized user agent might inject code without the user noticing if it detects any in the request (I don't know of any public one, but that is also possible).
It depends on your application and its use as to the level of security you need.
In terms of security, you should be validating all values you get from the querystring or post parameters, to ensure they're valid.
You may also wish to add logging for others, including analysis of weblogs, so you can determine if an attempt to hack your system is occurring.
I don't believe it's possible to inject javascript into a URL and have this run, unless your application is using parameters without validating them first.
Javascript in a URL will not be executed on its own. That in no way means it's safe or to be trusted.
A URL is another user input not to be trusted; GET or POST (or any other method for that matter) can cause a lot of severe vulnerabilities.
A common example was/is the use of the PHP_SELF, REQUEST_URI, SCRIPT_NAME and similar variables. Developers would mistakenly echo them directly to the browser, which led to the script being injected into the page and executed. I would suggest you start to do a lot of reading; these are some good places to start:
OWASP
XSS Cheat Sheet
XSS Prevention Cheat Sheet
Also google around for XSS (cross site scripting), XSRF (cross site request forgery), and SQL injection. That will get you started, but it is a lot of information to absorb, so take your time. It will be worth it in the long run.
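As an added illustration of the two points made in the answers above (validate query-string and POST parameters; never echo PHP_SELF and friends straight into the page), here is a small PHP script that is not part of any of the original answers. It puts the risky echo beside its encoded form, shows an allow-list check for a query parameter, and logs rejected input. The sample path and parameter values are constructed for the demo; the helper function names are mine.

```php
<?php
declare(strict_types=1);

// Risky pattern described in the answer above: $_SERVER['PHP_SELF'] can carry
// extra path info chosen by the client, and here it is copied into an HTML
// attribute with no encoding, so any markup in it becomes part of the page.
function form_action_unsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened form: encode for the HTML attribute context. The browser now sees
// the client-supplied characters as text, not as markup.
function form_action_safe(string $phpSelf): string
{
    $encoded = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $encoded . '">';
}

// Validate a query-string value against what it is allowed to be (an integer
// page id in a known range) instead of trying to strip "bad" characters.
// Returns null for anything that does not fit, and logs the rejection so the
// web log analysis mentioned in the other answer has something to work with.
function validated_page_id(array $query): ?int
{
    if (!isset($query['page']) || !is_string($query['page'])) {
        return null;
    }
    $id = filter_var($query['page'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100000],
    ]);
    if ($id === false) {
        // Log the rejected value (length-limited) for later analysis.
        error_log('rejected page parameter: ' . substr($query['page'], 0, 64));
        return null;
    }
    return $id;
}

// Constructed sample: a PHP_SELF value that includes client-chosen path info
// containing a quote and a tag (hypothetical, for the demo only).
$samplePhpSelf = '/index.php/"><b>injected</b>';

echo form_action_unsafe($samplePhpSelf), PHP_EOL;
// Output: <form method="post" action="/index.php/"><b>injected</b>">
echo form_action_safe($samplePhpSelf), PHP_EOL;
// Output: <form method="post" action="/index.php/&quot;&gt;&lt;b&gt;injected&lt;/b&gt;">

// Constructed query strings: one valid, one that should be rejected.
var_dump(validated_page_id(['page' => '42']));              // int(42)
var_dump(validated_page_id(['page' => '42; DROP TABLE x'])); // NULL
```

In a real page the simplest fix for the form action is to hard-code the path (or leave `action` out so the form posts to the current URL) rather than reflecting anything from `$_SERVER` at all; the encoded version above is for cases where a request-derived value genuinely has to appear in the markup.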