1 files changed, 3 insertions, 1 deletions

diff --git a/www/crm/wp-admin/js/post.js b/www/crm/wp-admin/js/post.js
index 3168fec8..ec1a0d71 100644
--- a/www/crm/wp-admin/js/post.js
+++ b/www/crm/wp-admin/js/post.js
@@ -795,7 +795,9 @@ jQuery(document).ready( function($) {
 			}
 
 			// Update "Status:" to currently selected status.
-			$('#post-status-display').html($('option:selected', postStatus).text());
+			$('#post-status-display').text(
+				wp.sanitize.stripTagsAndEncodeText( $('option:selected', postStatus).text() ) // Remove any potential tags from post status text.
+			);
 
 			// Show or hide the "Save Draft" button.
 			if ( $('option:selected', postStatus).val() == 'private' || $('option:selected', postStatus).val() == 'publish' ) {