htmlescape column comments. per suggestion from github user nboutelier

1 files changed, 1 insertions, 1 deletions

diff --git a/classes/Misc.php b/classes/Misc.php
index 96a49534..1b34b14e 100644
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -1989,7 +1989,7 @@
 								echo "<td class='comment_cell'>";
 								$val = value($column['field'], $tabledata->fields);
 								if (!is_null($val)) {
-									echo $val;
+									echo htmlentities($val);
 								}
 								echo "</td>";
 								break;