From c154830479b2110cadebf105a517cc34b1484640 Mon Sep 17 00:00:00 2001
From: John Caruso <johncaruso@hey.com>
Date: Thu, 2 May 2024 09:05:42 -0400
Subject: [PATCH] escape attribute

---
 .../jetpack/modules/videopress/class.videopress-player.php      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/projects/plugins/jetpack/modules/videopress/class.videopress-player.php b/projects/plugins/jetpack/modules/videopress/class.videopress-player.php
index 4addc21e2c700..eff61842689e2 100644
--- a/projects/plugins/jetpack/modules/videopress/class.videopress-player.php
+++ b/projects/plugins/jetpack/modules/videopress/class.videopress-player.php
@@ -338,7 +338,7 @@ private function html5_static() {
 		if ( isset( $this->options['autoplay'] ) && $this->options['autoplay'] === true ) {
 			$html .= ' autoplay="true"';
 		} else {
-			$html .= ' preload="' . $preload . '"';
+			$html .= ' preload="' . esc_attr( $preload ) . '"';
 		}
 		if ( isset( $this->video->text_direction ) ) {
 			$html .= ' dir="' . esc_attr( $this->video->text_direction ) . '"';