diff --git a/src/wp-content/themes/twentyten/functions.php b/src/wp-content/themes/twentyten/functions.php
index 2996bd2450..bd0e19f119 100644
--- a/src/wp-content/themes/twentyten/functions.php
+++ b/src/wp-content/themes/twentyten/functions.php
@@ -613,7 +613,7 @@ if ( ! function_exists( 'twentyten_posted_on' ) ) :
),
sprintf(
'%3$s',
- get_author_posts_url( get_the_author_meta( 'ID' ) ),
+ esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ),
/* translators: %s: Author display name. */
esc_attr( sprintf( __( 'View all posts by %s', 'twentyten' ), get_the_author() ) ),
get_the_author()
diff --git a/src/wp-content/themes/twentyten/loop-attachment.php b/src/wp-content/themes/twentyten/loop-attachment.php
index 98981f5f81..b886c019e8 100644
--- a/src/wp-content/themes/twentyten/loop-attachment.php
+++ b/src/wp-content/themes/twentyten/loop-attachment.php
@@ -45,7 +45,7 @@ if ( have_posts() ) {
'meta-prep meta-prep-author',
sprintf(
'%3$s',
- get_author_posts_url( get_the_author_meta( 'ID' ) ),
+ esc_url( get_author_posts_url( get_the_author_meta( 'ID' ) ) ),
/* translators: %s: Author display name. */
esc_attr( sprintf( __( 'View all posts by %s', 'twentyten' ), get_the_author() ) ),
get_the_author()