Featured Image Block: Add missing output escaping

packages/block-library/src/post-featured-image/index.php

@@ -64,7 +64,7 @@ function render_block_core_post_featured_image( $attributes, $content, $block )
 		if ( ! empty( $attributes['scale'] ) ) {
 			$image_styles .= "object-fit:{$attributes['scale']};";
 		}
-		$featured_image = str_replace( 'src=', 'style="' . esc_attr( $image_styles ) . '" src=', $featured_image );
+		$featured_image = str_replace( '<img ', '<img style="' . esc_attr( safecss_filter_attr( $image_styles ) ) . '" ', $featured_image );
 	}
 
 	return "<figure {$wrapper_attributes}>{$featured_image}</figure>";