diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 6a9d3a071f62651a302f96e766f52885cbef7406..6f695814adfb9d6d020691cc9f5a26d08bbcd653 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1561,7 +1561,8 @@ function watchdog_exception($type, Exception $exception, $message = NULL, $varia
 
    // Use a default value if $message is not set.
    if (empty($message)) {
-     $message = '%type: %message in %function (line %line of %file).';
+     // The exception message is run through check_plain() by _drupal_decode_exception().
+     $message = '%type: !message in %function (line %line of %file).';
    }
    // $variables must be an array so that we can add the exception information.
    if (!is_array($variables)) {
diff --git a/includes/update.inc b/includes/update.inc
index d1993e0c3ced53db55a16e36b6a006930e9a0809..d2ba9c1a6fa9ebdd27b151bd649e3f122055d6bf 100644
--- a/includes/update.inc
+++ b/includes/update.inc
@@ -883,7 +883,8 @@ function update_do_one($module, $number, $dependency_map, &$context) {
 
       require_once DRUPAL_ROOT . '/includes/errors.inc';
       $variables = _drupal_decode_exception($e);
-      $ret['#abort'] = array('success' => FALSE, 'query' => t('%type: %message in %function (line %line of %file).', $variables));
+      // The exception message is run through check_plain() by _drupal_decode_exception().
+      $ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables));
     }
   }
 
diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php
index 8b57b174cfca1a204dfd81766dcf935ea1ccd3d4..cb1473ff4db9fa91f6dbe8257beb3051de10104f 100644
--- a/modules/simpletest/drupal_web_test_case.php
+++ b/modules/simpletest/drupal_web_test_case.php
@@ -517,7 +517,8 @@ protected function exceptionHandler($exception) {
       'file' => $exception->getFile(),
     ));
     require_once DRUPAL_ROOT . '/includes/errors.inc';
-    $this->error(t('%type: %message in %function (line %line of %file).', _drupal_decode_exception($exception)), 'Uncaught exception', _drupal_get_last_caller($backtrace));
+    // The exception message is run through check_plain() by _drupal_decode_exception().
+    $this->error(t('%type: !message in %function (line %line of %file).', _drupal_decode_exception($exception)), 'Uncaught exception', _drupal_get_last_caller($backtrace));
   }
 
   /**