diff --git a/src/wp-admin/options-general.php b/src/wp-admin/options-general.php
index 5f18170ea8..11bda9545e 100644
--- a/src/wp-admin/options-general.php
+++ b/src/wp-admin/options-general.php
@@ -243,7 +243,7 @@ if ( empty($tzstring) ) { // Create a UTC+- zone if no timezone string exists
echo " checked='checked'";
$custom = false;
}
- echo ' /> ' . date_i18n( $format ) . '' . $format . "
\n";
+ echo ' /> ' . date_i18n( $format ) . '' . esc_html( $format ) . "
\n";
}
echo '
\n";
+ echo ' /> ' . date_i18n( $format ) . '' . esc_html( $format ) . "
\n";
}
echo '