Improved [4180] to add HTML escaping on the primary-key value in the …

…error message git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
django · Dec 7, 2006 · 545ebf4 · 545ebf4
1 parent 201704b
commit 545ebf4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
@@ -314,7 +314,7 @@ def change_stage(request, app_label, model_name, object_id):
     try:
         manipulator = model.ChangeManipulator(object_id)
     except model.DoesNotExist:
-        raise Http404('%s object with primary key %r does not exist' % (model_name, object_id))
+        raise Http404('%s object with primary key %r does not exist' % (model_name, escape(object_id)))
 
     if request.POST:
         new_data = request.POST.copy()