Ticket #1978: patch.diff

wp-includes/comment-functions.php

@@ -312 +312 @@
                 if (!empty($CSSclass)) {
                         echo ' class="'.$CSSclass.'"';
                 }
-                echo ' title="' . sprintf( __('Comment on %s'), $post->post_title ) .'">';
+                echo ' title="' . sprintf( __('Comment on %s'), wp_specialchars($post->post_title) ) .'">';
                 comments_number($zero, $one, $more, $number);
                 echo '</a>';
         }