you have an XSS vulnerability tho :) you should escape / strip out tag-like content
more info: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Sc...