diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index 34f6d7d4ec..9f6402b66a 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -2,7 +2,7 @@
 @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 if (!isset($_GET["page"])) require_once('admin.php');
 if ( $editing ) {
- wp_enqueue_script( array("dbx-admin-key?pagenow=$pagenow",'admin-custom-fields') );
+ wp_enqueue_script( array('dbx-admin-key?pagenow=' . attribute_escape($pagenow),'admin-custom-fields') );
 if ( current_user_can('manage_categories') )
 wp_enqueue_script( 'ajaxcat' );
 if ( user_can_richedit() )
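Review bot: `attribute_escape()` encodes for an HTML attribute, but on the added `wp_enqueue_script` line `$pagenow` is concatenated into the query string of a script handle, so the encoding does not match the context it is applied in. Characters such as `#`, `%` and whitespace pass through unchanged and `&` becomes `&amp;`, which still splits the query string and may be escaped a second time if the src is HTML-escaped when the tag is printed. Percent-encode at the point of concatenation instead, `'dbx-admin-key?pagenow=' . urlencode($pagenow)`, and leave HTML escaping to the code that emits the `<script>` tag; that code is not visible in this hunk, so confirm it escapes the final URL. A short comment such as `// $pagenow is request-derived; encode before building the handle` would record why the call is there. The `if ( $editing ) {` block continues past the end of the hunk.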