diff --git a/wp-admin/link-add.php b/wp-admin/link-add.php
index ec7bd67f4b..d886f63619 100644
--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -14,7 +14,7 @@ function category_dropdown($fieldname, $selected = 0) { echo " \n";
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 1346745c23..6e2d341b7d 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -185,6 +185,7 @@ switch ($action) {
 check_admin_referer();
 $link_url = $_POST['linkurl'];
+ $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
 $link_name = $_POST['name'];
 $link_image = $_POST['image'];
 $link_target = $_POST['target'];
@@ -235,6 +236,7 @@ switch ($action) {
 $link_id = $_POST['link_id'];
 $link_url = $_POST['linkurl'];
+ $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url;
 $link_name = $_POST['name'];
 $link_image = $_POST['image'];
 $link_target = $_POST['target'];
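Review bot: The scheme check added after `$link_url = $_POST['linkurl'];` in the `@@ -185,6 +185,7 @@` hunk of wp-admin/link-manager.php is repeated verbatim in the `@@ -235,6 +236,7 @@` hunk and inspects only the prefix, so an empty field is stored as `http://` and everything after the scheme is still the raw POST value. Any value that does not match gets `http://` prepended, which also neutralises schemes outside the list; that intent deserves a comment such as `// Allowlist of link schemes; anything else is treated as a host name and prefixed with http://`. I would move the expression into one helper called from both cases, trim the input first and leave an empty value empty, e.g. `$link_url = trim($link_url);` followed by `if ('' === $link_url) return '';` ahead of the `preg_match` test. Escaping of `$link_url` for SQL and for HTML output is not visible in either hunk and should be confirmed where the value is used; both `switch` cases continue outside the hunks.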