From 545ebf4395f24438c6ddc847f0794bfc83c6e934 Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Thu, 7 Dec 2006 15:14:35 +0000 Subject: [PATCH] Improved [4180] to add HTML escaping on the primary-key value in the error message git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/admin/views/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index df6b724d07..c9cff0e374 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -314,7 +314,7 @@ def change_stage(request, app_label, model_name, object_id): try: manipulator = model.ChangeManipulator(object_id) except model.DoesNotExist: - raise Http404('%s object with primary key %r does not exist' % (model_name, object_id)) + raise Http404('%s object with primary key %r does not exist' % (model_name, escape(object_id))) if request.POST: new_data = request.POST.copy()