diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py
index 010a60daa..491aa309e 100644
--- a/netbox/utilities/views.py
+++ b/netbox/utilities/views.py
@@ -12,6 +12,7 @@ from django.forms import CharField, ModelMultipleChoiceField, MultipleHiddenInpu
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from django.template import TemplateSyntaxError
+from django.utils.html import escape
from django.utils.http import is_safe_url
from django.views.generic import View
@@ -194,9 +195,9 @@ class ObjectEditView(View):
msg = u'Created ' if obj_created else u'Modified '
msg += self.model._meta.verbose_name
if hasattr(obj, 'get_absolute_url'):
- msg = u'{} {}'.format(msg, obj.get_absolute_url(), obj)
+ msg = u'{} {}'.format(msg, obj.get_absolute_url(), escape(obj))
else:
- msg = u'{} {}'.format(msg, obj)
+ msg = u'{} {}'.format(msg, escape(obj))
messages.success(request, msg)
if obj_created:
UserAction.objects.log_create(request.user, obj, msg)
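Review bot: The escaping in the `get_absolute_url` branch covers only the object's name; `obj.get_absolute_url()` is still interpolated raw into a message that is evidently rendered as markup (otherwise there would be no reason to `escape()` the name), so any model whose URL embeds a user-controlled slug or name remains an injection point. The more robust form is Django's `format_html`, importable from the same `django.utils.html` module as `escape`, which escapes every argument and returns a SafeString: `msg = format_html('{} {}', msg, obj.get_absolute_url(), obj)`, keeping whatever anchor markup the real template string carries — as shown here the format string has two placeholders but three arguments, so the third (the escaped name) is silently dropped by `str.format`, which looks like markup lost in rendering but is worth confirming. Note also that the same `msg` is handed to `UserAction.objects.log_create` on the hunk's last line, so the audit log now stores an HTML-escaped string rather than the plain object name; if that log is rendered with autoescaping it will show entities such as `&amp;` doubled. The `else` branch assembles no markup at all, so if the message template autoescapes, that path now double-escapes as well — consider escaping only where markup is actually built.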
@@ -266,7 +267,7 @@ class ObjectDeleteView(View):
handle_protectederror(obj, request, e)
return redirect(obj.get_absolute_url())
- msg = u'Deleted {} {}'.format(self.model._meta.verbose_name, obj)
+ msg = u'Deleted {} {}'.format(self.model._meta.verbose_name, escape(obj))
messages.success(request, msg)
UserAction.objects.log_delete(request.user, obj, msg)