Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 3918)
+++ wp-includes/functions.php	(working copy)
@@ -806,7 +806,7 @@
 }
 
 function wp_nonce_url($actionurl, $action = -1) {
-	return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
+	return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
 }
 
 function wp_nonce_field($action = -1) {
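Review bot: Escaping inside wp_nonce_url bakes an HTML-context encoding into a value that, by its name and signature, is a URL, so any caller that uses the return in a non-HTML context (a Location header via wp_redirect, a JavaScript string, a plain-text mail) now receives `&amp;` inside the query string and the nonce parameter breaks. The fix that keeps contexts separate is to leave the function returning a raw URL and escape at the output sites that embed it in attributes, the same way the second hunk escapes at echo time. If the project deliberately wants an HTML-ready return, that contract needs to be stated on the function so callers stop double-escaping or passing it to redirects, e.g. `// Returns an HTML-escaped URL; do not pass to wp_redirect() or other non-HTML contexts.` Whether wp_specialchars with no second argument also escapes quotes is not visible here, so the value may still not be safe inside a single-quoted attribute; confirm before relying on it.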
Index: wp-includes/script-loader.php
===================================================================
--- wp-includes/script-loader.php	(revision 3918)
+++ wp-includes/script-loader.php	(working copy)
@@ -62,7 +62,7 @@
 			if ( !in_array($handle, $this->printed) && isset($this->scripts[$handle]) ) {
 				$ver = $this->scripts[$handle]->ver ? $this->scripts[$handle]->ver : $wp_db_version;
 				if ( isset($this->args[$handle]) )
-					$ver .= '&' . $this->args[$handle];
+					$ver .= '&amp;' . $this->args[$handle];
 				$src = 0 === strpos($this->scripts[$handle]->src, 'http://') ? $this->scripts[$handle]->src : get_settings( 'siteurl' ) . $this->scripts[$handle]->src;
 				echo "<script type='text/javascript' src='$src?ver=$ver'></script>\n";
 				$this->printed[] = $handle;
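Review bot: Encoding only the `&` separator still leaves `$this->args[$handle]`, `$this->scripts[$handle]->src` and the `get_settings('siteurl')` prefix interpolated raw into a single-quoted `src='…'` attribute on the echo line, so any `'`, `<` or `&` inside those values breaks out of or corrupts the attribute. Escaping the assembled attribute value once at the output point covers all of them instead of one separator, e.g. keep `$ver .= '&' . $this->args[$handle];` and change the echo to `echo "<script type='text/javascript' src='" . wp_specialchars("$src?ver=$ver", 'single') . "'></script>\n";` — that also avoids double-encoding `&amp;` to `&amp;amp;` if a later escaping pass is added. The exact quote-handling argument of wp_specialchars is not visible in this diff, so confirm the call escapes single quotes before adopting it. The enclosing method starts and ends outside the hunk.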

