id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
44	Check for and correct to ${X.encodeAsHtml()} where required.	Gavin		"Anywhere that user input is displayed in a page, there is the opportunity for HTML (or worse, JavaScript?) injection. Using ${X} directly renders the text, so a user input of ""<td>nice</td>"" would change the layout of the page.

Find and correct all cases to ${X.encodeAsHtml()}."	defect	closed	critical	0.5 - Functionality and Stability	gnuMims - application security	trunk	fixed		
