Is building part of an href on a webpage from URL parameters a security risk?

I’ve written some code and have a feeling there’s a security issue with it, but I can’t figure out what it is.

Is there a security risk in including URL parameters directly into part of a link on a webpage?

Steps:

  • User visits https://www.example.com/1/guid
  • JS reads the URL, and retrieves part of it, in this case guid
  • JS builds a URL using that data https://www.example.com/2/guid
  • That new URL is added to the page (Adding the URL to the page is escaped, so injecting JS shouldn’t be a problem, in theory)

Is there any way that displaying or clicking on https://www.example.com/2/<any plain text here> could be a security flaw?