From bb49691c63dd88fad57bf5158696ab330876c7ad Mon Sep 17 00:00:00 2001
From: Andrew Ozz <azaozz@git.wordpress.org>
Date: Sun, 2 Feb 2014 21:11:24 +0000
Subject: [PATCH] WP_Link: convert < > and " to HTML entities when setting link
 title for the Text editor. Fixes #25704.

git-svn-id: https://develop.svn.wordpress.org/trunk@27071 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/js/wplink.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/js/wplink.js b/src/wp-includes/js/wplink.js
index 8ab7ad001e..93caa38444 100644
--- a/src/wp-includes/js/wplink.js
+++ b/src/wp-includes/js/wplink.js
@@ -165,7 +165,7 @@ var wpLink;
 		},
 
 		htmlUpdate: function() {
-			var attrs, html, begin, end, cursor,
+			var attrs, html, begin, end, cursor, title,
 				textarea = wpLink.textarea;
 
 			if ( ! textarea )
@@ -181,7 +181,8 @@ var wpLink;
 			html = '<a href="' + attrs.href + '"';
 
 			if ( attrs.title )
-				html += ' title="' + attrs.title + '"';
+				title = attrs.title.replace( /</g, '&lt;' ).replace( />/g, '&gt;' ).replace( /"/g, '&quot;' );
+				html += ' title="' + title + '"';
 			if ( attrs.target )
 				html += ' target="' + attrs.target + '"';