Sunday, September 2, 2012

Scaffolding does not escape HTML in related table list

Being very new to CakePHP, I started with scaffolding to create a simple CRUD for my database model.
This works fine. However, for testing purposes I happened to have the text '<h2>Pony</h2>' in one of the data fields, to detect any missing HTML escapes.

I found one in CakePHP in the default scaffolding view for Related records.
In file lib\Cake\View\Scaffolds\view.ctp on line 127 (version 2.2.2):
                echo "\t\t\t<td>" . ${$otherSingularVar}[$_field] . "</td>\n";
the data is not escaped. Should it not be like this?
                echo "\t\t\t<td>" . h(${$otherSingularVar}[$_field]) . "</td>\n";
This change worked for me.

--
You received this message because you are subscribed to the Google Groups "CakePHP" group.
Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
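As an added example (not code from the post or from CakePHP itself), here is a stand-in for the related-records loop in view.ctp rendered once without and once with escaping, plus the poster's '<h2>Pony</h2>' probe turned into an automated check. The names h_stub, renderRelatedRow and leaksMarker are assumed; h_stub mirrors the htmlspecialchars() call that CakePHP's h() wraps.

```php
<?php
// Added example, not CakePHP's own code: a minimal stand-in for the related-records
// loop in lib/Cake/View/Scaffolds/view.ctp, with and without escaping, plus the
// probe from the post: seed a field with '<h2>Pony</h2>' and check that the raw
// marker never reaches the rendered HTML.

// CakePHP's h() is a thin wrapper around htmlspecialchars(); this stand-in uses the
// same flags (ENT_QUOTES, UTF-8) so its output matches what h() would produce.
function h_stub($text) {
    return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8');
}

// Render the <td> cells for one related record, like the loop in view.ctp.
// $escape = false reproduces the unescaped 2.2.2 line; $escape = true is the fix.
function renderRelatedRow(array $record, array $fields, $escape) {
    $html = "\t\t<tr>\n";
    foreach ($fields as $field) {
        $value = $record[$field];
        if ($escape) {
            $value = h_stub($value);
        }
        $html .= "\t\t\t<td>" . $value . "</td>\n";
    }
    return $html . "\t\t</tr>\n";
}

// Regression probe: true when the raw marker appears in the output unescaped,
// i.e. the browser would interpret it as markup instead of showing it as text.
function leaksMarker($html, $marker = '<h2>Pony</h2>') {
    return strpos($html, $marker) !== false;
}

// Constructed sample data: one related record whose 'body' carries the probe marker.
$fields = array('id', 'body');
$record = array('id' => 7, 'body' => '<h2>Pony</h2>');

foreach (array('unescaped (2.2.2 line 127)' => false, 'escaped with h()' => true) as $label => $escape) {
    $html = renderRelatedRow($record, $fields, $escape);
    echo $html;
    echo $label . ': ' . (leaksMarker($html) ? 'marker leaks, cell is NOT safe' : 'marker escaped, cell is safe') . "\n";
}
```

Seeding a field with the marker and running leaksMarker() over the rendered template is a cheap regression check to keep alongside the fix, so the escape cannot silently disappear again in a later scaffold template change.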