Index: wp-admin/includes/template.php
===================================================================
--- wp-admin/includes/template.php	(revision 6181)
+++ wp-admin/includes/template.php	(working copy)
@@ -493,7 +493,7 @@
 			else
 				$current = '';
 
-			echo "\n\t<option value='$item->ID'$current>$pad $item->post_title</option>";
+			echo "\n\t<option value='$item->ID'$current>$pad " . wp_specialchars($item->post_title) . "</option>";
 			parent_dropdown( $default, $item->ID, $level +1 );
 		}
 	} else {
Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php	(revision 6181)
+++ wp-includes/post.php	(working copy)
@@ -102,7 +102,7 @@
 			$_post = null;
 	} elseif ( is_object($post) ) {
 		if ( 'page' == $post->post_type )
-			return get_page($post, $output);
+			return get_page($post, $output, $filter);
 		if ( !isset($post_cache[$blog_id][$post->ID]) )
 			$post_cache[$blog_id][$post->ID] = &$post;
 		$_post = & $post_cache[$blog_id][$post->ID];
@@ -111,11 +111,11 @@
 		if ( isset($post_cache[$blog_id][$post]) )
 			$_post = & $post_cache[$blog_id][$post];
 		elseif ( $_post = wp_cache_get($post, 'pages') )
-			return get_page($_post, $output);
+			return get_page($_post, $output, $filter);
 		else {
 			$_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
 			if ( 'page' == $_post->post_type )
-				return get_page($_post, $output);
+				return get_page($_post, $output, $filter);
 			$post_cache[$blog_id][$post] = & $_post;
 		}
 	}
@@ -979,7 +979,7 @@
 
 // Retrieves page data given a page ID or page object.
 // Handles page caching.
-function &get_page(&$page, $output = OBJECT) {
+function &get_page(&$page, $output = OBJECT, $filter = 'raw') {
 	global $wpdb, $blog_id;
 
 	if ( empty($page) ) {
@@ -992,7 +992,7 @@
 		}
 	} elseif ( is_object($page) ) {
 		if ( 'post' == $page->post_type )
-			return get_post($page, $output);
+			return get_post($page, $output, $filter);
 		wp_cache_add($page->ID, $page, 'pages');
 		$_page = $page;
 	} else {
@@ -1005,12 +1005,12 @@
 				$_page = & $GLOBALS['page'];
 				wp_cache_add($_page->ID, $_page, 'pages');
 			} elseif ( isset($GLOBALS['post_cache'][$blog_id][$page]) ) { // it's actually a page, and is cached
-				return get_post($page, $output);
+				return get_post($page, $output, $filter);
 			} else { // it's not in any caches, so off to the DB we go
 				// Why are we using assignment for this query?
 				$_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page ));
 				if ( 'post' == $_page->post_type )
-					return get_post($_page, $output);
+					return get_post($_page, $output, $filter);
 				// Potential issue: we're not checking to see if the post_type = 'page'
 				// So all non-'post' posts will get cached as pages.
 				wp_cache_add($_page->ID, $_page, 'pages');
@@ -1018,6 +1018,8 @@
 		}
 	}
 
+	$_page = sanitize_post($_page, $filter);
+
 	// at this point, one way or another, $_post contains the page object
 
 	if ( $output == OBJECT ) {