If it were a reflected XSS you could trigger it with something like https://whydoiprocrastinate.com/#%3Cscript%3Ealert%28%22this..., but I don't think this actually matters.
Sloppy programming, sure, but it isn't a real security issue.