Index: wp-admin/includes/meta-boxes.php
===================================================================
--- wp-admin/includes/meta-boxes.php	(revision 19644)
+++ wp-admin/includes/meta-boxes.php	(working copy)
@@ -268,37 +268,39 @@
  * @since 2.6.0
  *
  * @param object $post
+ * @param array $box associative array
  */
 function post_tags_meta_box($post, $box) {
-	$defaults = array('taxonomy' => 'post_tag');
-	if ( !isset($box['args']) || !is_array($box['args']) )
+	$defaults = array( 'taxonomy' => 'post_tag' );
+	if ( ! isset( $box['args'] ) || ! is_array( $box['args'] ) )
 		$args = array();
 	else
 		$args = $box['args'];
 	extract( wp_parse_args($args, $defaults), EXTR_SKIP );
 	$tax_name = esc_attr($taxonomy);
 	$taxonomy = get_taxonomy($taxonomy);
-	$disabled = !current_user_can($taxonomy->cap->assign_terms) ? 'disabled="disabled"' : '';
+	$user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
 ?>
 <div class="tagsdiv" id="<?php echo $tax_name; ?>">
 	<div class="jaxtag">
 	<div class="nojs-tags hide-if-js">
-	<p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
-	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea></div>
- 	<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
+	<p><?php echo esc_html( $taxonomy->labels->add_or_remove_items ); ?></p>
+	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php disabled( ! $user_can_assign_terms ); ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // textarea_escaped by esc_attr() ?></textarea>
+	</div>
+ 	<?php if ( $user_can_assign_terms ) : ?>
 	<div class="ajaxtag hide-if-no-js">
-		<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
-		<div class="taghint"><?php echo $taxonomy->labels->add_new_item; ?></div>
+		<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo esc_html( $box['title'] ); ?></label>
+		<div class="taghint"><?php echo esc_html( $taxonomy->labels->add_new_item ); ?></div>
 		<p><input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />
 		<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" /></p>
 	</div>
-	<p class="howto"><?php echo esc_attr( $taxonomy->labels->separate_items_with_commas ); ?></p>
+	<p class="howto"><?php echo esc_html( $taxonomy->labels->separate_items_with_commas ); ?></p>
 	<?php endif; ?>
 	</div>
 	<div class="tagchecklist"></div>
 </div>
-<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
-<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo $taxonomy->labels->choose_from_most_used; ?></a></p>
+<?php if ( $user_can_assign_terms ) : ?>
+<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo esc_html( $taxonomy->labels->choose_from_most_used ); ?></a></p>
 <?php endif; ?>
 <?php
 }