diff --git a/main/templatetags/cdn.py b/main/templatetags/cdn.py
index e0b702be..3116cce0 100644
--- a/main/templatetags/cdn.py
+++ b/main/templatetags/cdn.py
@@ -1,5 +1,6 @@
 from django import template
 from django.contrib.staticfiles.storage import staticfiles_storage
+from django.utils.html import format_html
 
 register = template.Library()
 
@@ -17,6 +18,6 @@ def jquery_tablesorter():
     version = '2.7'
     filename = 'jquery.tablesorter-%s.min.js' % version
     link = staticfiles_storage.url(filename)
-    return '<script type="text/javascript" src="%s"></script>' % link
+    return format_html('<script type="text/javascript" src="%s"></script>' % link)
 
 # vim: set ts=4 sw=4 et:
diff --git a/main/templatetags/flags.py b/main/templatetags/flags.py
index 3abd1aed..fafcb5aa 100644
--- a/main/templatetags/flags.py
+++ b/main/templatetags/flags.py
@@ -1,4 +1,5 @@
 from django import template
+from django.utils.html import format_html
 
 register = template.Library()
 
@@ -7,8 +8,8 @@
 def country_flag(country):
     if not country:
         return ''
-    return '<span class="fam-flag fam-flag-%s" title="%s"></span> ' % (
-            unicode(country.code).lower(), unicode(country.name))
+    return format_html('<span class="fam-flag fam-flag-%s" title="%s"></span> ' % (
+            unicode(country.code).lower(), unicode(country.name)))
 
 
 # vim: set ts=4 sw=4 et:
diff --git a/main/templatetags/pgp.py b/main/templatetags/pgp.py
index f5b937b6..ad4e49d0 100644
--- a/main/templatetags/pgp.py
+++ b/main/templatetags/pgp.py
@@ -1,6 +1,6 @@
 from django import template
 from django.conf import settings
-from django.utils.html import conditional_escape
+from django.utils.html import conditional_escape, format_html
 from django.utils.safestring import mark_safe
 
 
@@ -41,7 +41,7 @@ def pgp_key_link(key_id, link_text=None):
     if link_text is None:
         link_text = '0x%s' % key_id[-8:]
     values = (url, format_key(key_id), link_text)
-    return '<a href="%s" title="PGP key search for %s">%s</a>' % values
+    return format_html('<a href="%s" title="PGP key search for %s">%s</a>' % values)
 
 
 @register.simple_tag
diff --git a/packages/templatetags/package_extras.py b/packages/templatetags/package_extras.py
index de730e29..a3a84e12 100644
--- a/packages/templatetags/package_extras.py
+++ b/packages/templatetags/package_extras.py
@@ -2,6 +2,7 @@
 from urlparse import parse_qs
 
 from django import template
+from django.utils.html import format_html
 
 
 register = template.Library()
@@ -53,7 +54,7 @@ def pkg_details_link(pkg, link_title=None, honor_flagged=False):
     if honor_flagged and pkg.flag_date:
         link_content = '<span class="flagged">%s</span>' % link_title
     link = '<a href="%s" title="View package details for %s">%s</a>'
-    return link % (pkg.get_absolute_url(), pkg.pkgname, link_content)
+    return format_html(link % (pkg.get_absolute_url(), pkg.pkgname, link_content))
 
 
 # vim: set ts=4 sw=4 et:
diff --git a/todolists/templatetags/todolists.py b/todolists/templatetags/todolists.py
index 5f31dc1f..a54a9b82 100644
--- a/todolists/templatetags/todolists.py
+++ b/todolists/templatetags/todolists.py
@@ -1,4 +1,5 @@
 from django import template
+from django.utils.html import format_html
 
 register = template.Library()
 
@@ -14,6 +15,6 @@ def todopkg_details_link(todopkg):
         return todopkg.pkgname
     link = '<a href="%s" title="View package details for %s">%s</a>'
     url = pkg_absolute_url(todopkg.repo, todopkg.arch, pkg.pkgname)
-    return link % (url, pkg.pkgname, pkg.pkgname)
+    return format_html(link % (url, pkg.pkgname, pkg.pkgname))
 
 # vim: set ts=4 sw=4 et: