Escape HTML should be enabled
Impact area
Security
Severity
High
Affected element
System property
Rule ID
SN-0183
Impact
Setting the type of a table column to HTML allows its contents to be displayed with HTML formatting tags. However, it also opens up a cross-site scripting (XSS) attack vector, since a malicious user could inject HTML code that executes unauthorised scripts when these fields are rendered in lists.
Remediation
Set the system property "glide.ui.escape_html_list_field" to true.
Time to fix
15 min
References
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.
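The impact and remediation above, as an added JavaScript example (not from this page or from ServiceNow): a simplified model of how an HTML-type list column is rendered with escaping off versus on, plus a check over a constructed sys_properties export. The rendering function, the record shape and the sample values are assumptions, not ServiceNow's actual list renderer.

```javascript
// Added example: models the effect of the "glide.ui.escape_html_list_field"
// system property on an HTML-type list column and audits a constructed
// sys_properties export for the setting. Not ServiceNow's own code.

// Minimal HTML escaping of the characters that matter in text nodes and
// attribute values. Assumption: a simplified stand-in for the platform's escaper.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Simplified model of rendering one list cell: an HTML-type column is emitted
// verbatim unless escaping is enabled; any other column type is always escaped.
function renderListCell(value, columnType, escapeHtmlListField) {
  if (columnType === 'html' && !escapeHtmlListField) {
    return value; // weak setting: stored markup reaches the browser as markup
  }
  return escapeHtml(value); // hardened setting: markup is shown as literal text
}

// Audit: given an array of {name, value} records (a constructed stand-in for a
// sys_properties export), report whether the property is explicitly "true".
function auditEscapeHtmlListField(records) {
  const prop = records.find(r => r.name === 'glide.ui.escape_html_list_field');
  if (!prop) {
    return { status: 'FAIL', reason: 'property not set; add it and set it to true' };
  }
  if (String(prop.value).trim().toLowerCase() !== 'true') {
    return { status: 'FAIL', reason: `property is "${prop.value}", expected "true"` };
  }
  return { status: 'PASS', reason: 'property is true' };
}

// Constructed sample data: a stored HTML column value containing a script tag,
// and two property exports (weak and remediated).
const UNTRUSTED_HTML = '<b>Note</b><script>/* untrusted input */</script>';
const weakProps = [{ name: 'glide.ui.escape_html_list_field', value: 'false' }];
const fixedProps = [{ name: 'glide.ui.escape_html_list_field', value: 'true' }];

console.log(auditEscapeHtmlListField(weakProps));          // status: FAIL
console.log(auditEscapeHtmlListField(fixedProps));         // status: PASS
console.log(renderListCell(UNTRUSTED_HTML, 'html', true)); // escaped text only
```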