Setting the type of a table column to HTML allows its contents to be displayed with HTML formatting tags. However it also opens up a cross-site script attack vector since a malicious user could inject HTML code to execute unauthorised scripts when these fields are rendered.
Set the system property "glide.ui.escape_html_list_field" to true.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.