Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 18522)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -648,8 +648,8 @@
 		$comment_author_email = $wpdb->escape($user->user_email);
 		$comment_author_url   = $wpdb->escape($user->user_url);
 		$comment_content      = trim($_POST['content']);
-		if ( current_user_can('unfiltered_html') ) {
-			if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+		if ( current_user_can( 'unfiltered_html' ) ) {
+			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
 				kses_init_filters(); // set up the filters
 			}
Index: wp-admin/includes/template.php
===================================================================
--- wp-admin/includes/template.php	(revision 18522)
+++ wp-admin/includes/template.php	(working copy)
@@ -384,8 +384,11 @@
 	<input type="hidden" name="position" id="position" value="<?php echo $position; ?>" />
 	<input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
 	<input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
-	<?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?>
-	<?php wp_comment_form_unfiltered_html_nonce(); ?>
+	<?php
+		wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false );
+		if ( current_user_can( 'unfiltered_html' ) )
+			wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false );
+	?>
 <?php if ( $table_row ) : ?>
 </td></tr></tbody></table>
 <?php else : ?>