diff --git a/wp-admin/bookmarklet.php b/wp-admin/bookmarklet.php
index 0373e41b75..2bfb1ed478 100644
--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -55,7 +55,7 @@ window.close()
 // $post_pingback needs to be set in any file that includes edit-form.php
 $post_pingback = get_settings('default_pingback_flag');
-$content = $_REQUEST['content'];
+$content = htmlspecialchars($_REQUEST['content']);
 if (!empty($content)) {
 $content = stripslashes($content);
 } else {
diff --git a/wp-admin/post.php b/wp-admin/post.php
index f167687a80..d188652121 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -650,6 +650,7 @@ default:
 $post_pingback = get_settings('default_pingback_flag');
 $default_post_cat = get_settings('default_category');
+$content = htmlspecialchars($content);
 $content = apply_filters('default_content', $content);
 $edited_post_title = apply_filters('default_title', $edited_post_title);
 $excerpt = apply_filters('default_excerpt', $excerpt);
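Review bot: The added `htmlspecialchars($_REQUEST['content'])` still reads the key unconditionally, so a bookmarklet request without a `content` parameter raises an undefined-index notice and hands a non-string to the escape; guard it with `$content = isset($_REQUEST['content']) ? htmlspecialchars($_REQUEST['content'], ENT_QUOTES) : '';`. Passing `ENT_QUOTES` explicitly also makes the handling of single quotes independent of the PHP version's default flags. This escapes the value at input time for the HTML context of the textarea that edit-form.php presumably renders (outside this hunk); if that template escapes again on output, the text will be double-encoded, which is worth confirming. The surrounding if/else continues past the end of the hunk.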
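Review bot: The new `htmlspecialchars($content)` runs before `apply_filters('default_content', $content)`, so filter callbacks receive entity-encoded text and any markup a callback appends is not escaped at all; if the goal is to protect the edit form's textarea, escape the filtered result instead, e.g. `$content = htmlspecialchars(apply_filters('default_content', $content), ENT_QUOTES);`, or escape at the point of output. Where `$content` is first assigned in this `default:` branch is outside the hunk, so it is not visible here whether it can be unset (which would make the escape warn on an undefined variable). As in bookmarklet.php, the call relies on the default flags; stating `ENT_QUOTES` explicitly is preferable.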