From a96ae481ffd7bac8d204f33c79957002689bcc63 Mon Sep 17 00:00:00 2001
From: ryan
Date: Sat, 9 Feb 2008 07:29:36 +0000
Subject: [PATCH] htmlspecialchars when loading content into html editor. Props DD32 and andy. fixes #5796

git-svn-id: http://svn.automattic.com/wordpress/trunk@6767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/formatting.php | 7 +++++++
 wp-includes/general-template.php | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 70af8a10d6..241701e133 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1111,6 +1111,13 @@ function wp_richedit_pre($text) {
 	return apply_filters('richedit_pre', $output);
 }
 
+function wp_htmledit_pre($output) {
+	if ( !empty($output) )
+		$output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > &
+
+	return apply_filters('htmledit_pre', $output);
+}
+
 function clean_url( $url, $protocols = null, $context = 'display' ) {
 	$original_url = $url;
 
diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php
index be3d67c3a0..e56931f8b0 100644
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -932,6 +932,8 @@ function the_editor($content, $id = 'content', $prev_id = 'title') {
 	if ( 'tinymce' == $wp_default_editor )
 		add_filter('the_editor_content', 'wp_richedit_pre');
+	else if ( 'html' == $wp_default_editor )
+		add_filter('the_editor_content', 'wp_htmledit_pre');
 
 	// The following line moves the border so that the active button "attaches" to the toolbar. Only IE needs it.
 ?>
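Review bot: The `!empty($output)` guard in the new wp_htmledit_pre() skips the conversion for the string `"0"` as well as for genuinely empty input, and since `htmlspecialchars('')` already returns `''` the guard buys nothing; the body can simply be `$output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > &`. No charset argument is passed, so htmlspecialchars() falls back to its built-in default (ISO-8859-1 on PHP releases of this era); the three characters it converts are ASCII so the output is not corrupted, but passing the blog charset explicitly would make that assumption visible to the next maintainer. The function also lacks the phpdoc header the surrounding file uses; a one-liner such as `Escapes < > & so stored post markup can be placed inside the HTML editor's textarea without being parsed; result is filterable via 'htmledit_pre'.` would cover it. Existing entities such as `&amp;` are re-encoded to `&amp;amp;`, which is the correct behaviour for textarea content since the browser decodes once and the stored markup round-trips unchanged.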