From 27229f0110b9904c72ffe547179d0fe8f0d1128e Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 7 Mar 2007 04:29:45 +0000
Subject: [PATCH] attribute_escape content before stuffing it in value attribute. Props Dan Coulter. fixes #3919

git-svn-id: https://develop.svn.wordpress.org/trunk@4986 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/upload-functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php
index c2b5519e8a..1f79fb72a7 100644
--- a/wp-admin/upload-functions.php
+++ b/wp-admin/upload-functions.php
@@ -18,7 +18,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
 the_title();
 $post_title = attribute_escape(ob_get_contents());
 ob_end_clean();
- $post_content = apply_filters( 'content_edit_pre', $post->post_content );
+ $post_content = attribute_escape(apply_filters( 'content_edit_pre', $post->post_content ));
 $class = 'text';
 $innerHTML = get_attachment_innerHTML( $id, false, $dims );
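Review bot: The escaping is applied where `$post_content` is assigned, but the `value` attribute it protects is written further down in `wp_upload_display()`, outside this hunk, so nothing on the visible lines ties the variable to that single output context. If the same variable is also echoed anywhere other than a quoted attribute, it would be double-encoded or escaped for the wrong context there; the rest of the function should be checked for other uses. A comment on the assignment would make the contract explicit, for example `// Escaped for an HTML value="" attribute only; do not reuse in other output contexts.` The order is right as written (filter first, escape last), and it is worth keeping it that way so a `content_edit_pre` callback cannot reintroduce markup after escaping.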