It's not a security issue, because the input apparently is being sanitzed. If it weren't that would be a code injection vulnerabilty.