Comment 2 for bug 1980406

That's ominous! I don't know the code well enough to know where to look, but this like it might be an issue with the input not being escaped properly, which could be a security concern.