Diffstat (limited to 'django/contrib/admin/views/main.py')
| -rw-r--r-- | django/contrib/admin/views/main.py | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
index 947d09b852..9786935bf8 100644
--- a/django/contrib/admin/views/main.py
+++ b/django/contrib/admin/views/main.py
@@ -273,10 +273,9 @@ def add_stage(request, app_label, model_name, show_delete=False, form_url='', po
 post_url_continue += "?_popup=1"
 return HttpResponseRedirect(post_url_continue % pk_value)
 if "_popup" in request.POST:
- if type(pk_value) is str: # Quote if string, so JavaScript doesn't think it's a variable.
- pk_value = '"%s"' % pk_value.replace('"', '\\"')
- return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, %s, "%s");</script>' % \
- (pk_value, force_unicode(new_object).replace('"', '\\"')))
+ return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, "%s", "%s");</script>' % \
+ # escape() calls force_unicode.
+ (escape(pk_value), escape(new_object)))
 elif "_addanother" in request.POST:
 request.user.message_set.create(message=msg + ' ' + (_("You may add another %s below.") % force_unicode(opts.verbose_name)))
 return HttpResponseRedirect(request.path) |
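Review bot: `escape()` on the new `HttpResponse` line is an HTML encoder, but `pk_value` and `new_object` are interpolated into a JavaScript string literal inside a `<script>` element, so the encoding does not match the output context. It leaves backslashes and line terminators untouched, so a value ending in a backslash or containing a newline can still end or corrupt the literal. The entities it does emit are not decoded inside `<script>`, so the opener would receive text such as `&amp;` verbatim. Encoding for a JavaScript string fits this sink better, e.g. `(escapejs(pk_value), escapejs(new_object)))` with `escapejs` from `django.utils.html` if this tree provides it, plus a regression test covering a key that contains a quote, a backslash and a newline. `add_stage` starts and ends outside the hunk, so the import of `escape` and the origin of `pk_value` cannot be checked here; the `\` after `%` is also redundant inside the open parenthesis and could be dropped.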
