At the moment, I don't have input filters ready to go for the table cell output. If you are testing the current build (6.x.1.0-beta1) and are concerned about security, you can use the following patch which runs each cell through check_plain() before output.

CommentFileSizeAuthor
tablefield.module.check_plain.patch982 byteskevin hankens

Comments

kevin hankens’s picture

I just made a commit (10/28/09) that adds input filter handling and uses check_plain() for plain text entries. This will be released with 6.x-1.0-beta2, but if anybody needs it right away you can get it from CVS.

kevin hankens’s picture

Status: Active » Closed (fixed)

The Beta-2 release has this covered with the use of input filters. If plain text is chosen, then it runs the output through check_plain.