If you use the example code as-is and the blogblogblog page is compromised or malicious, it can inject arbitrary javascript into your page. Best to html encode all input from third party sources, especially users.