diff --git a/swh/web/browse/utils.py b/swh/web/browse/utils.py
--- a/swh/web/browse/utils.py
+++ b/swh/web/browse/utils.py
@@ -12,6 +12,7 @@
 from django.core.cache import cache
 from django.utils.safestring import mark_safe
+from django.utils.html import escape
 from importlib import reload
@@ -489,7 +490,8 @@
 attrs += '%s="%s" ' % (k, v)
 if not link_text:
 link_text = url
- link = '%s' % (attrs, url, link_text)
+ link = '%s' \
+ % (escape(attrs), escape(url), escape(link_text))
 return mark_safe(link)
@@ -923,7 +925,7 @@
 if not snapshot_id:
 raise NotFoundExc('No snapshot associated to the visit of origin '
- '%s on %s' % (origin_url, fmt_date))
+ '%s on %s' % (escape(origin_url), fmt_date))
 # provided timestamp is not necessarily equals to the one
 # of the retrieved visit, so get the exact one in order
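Review bot: `escape(attrs)` on the new `link = ... % (escape(attrs), escape(url), escape(link_text))` line escapes the already-assembled attribute string, whose quotes come from the visible `attrs += '%s="%s" ' % (k, v)` two lines above, so every `"` becomes `&quot;` and the browser receives `class=&quot;foo&quot;` instead of `class="foo"` once the result is passed through mark_safe. Escape the parts rather than the assembled string: change that line to `attrs += '%s="%s" ' % (escape(k), escape(v))` and pass plain `attrs` to the final format while keeping `escape(url)` and `escape(link_text)`. escape() on the URL also does not neutralise a `javascript:` or `data:` scheme if url can be attacker-controlled, so a scheme allow-list may still be needed; I cannot see the caller from this hunk. The enclosing function and the loop that builds attrs start before the hunk, and the anchor markup in the `link` lines appears to have been stripped by the page extraction, so I have not quoted that line.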
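Review bot: Escaping `origin_url` inside the NotFoundExc message fixes the output at the wrong layer: if the handler that renders this exception passes the message through a Django template with autoescape on, an `&` in the URL now becomes `&amp;amp;`, and if it renders with `|safe` or mark_safe then every other raise site that interpolates user-controlled values into an exception message needs the same treatment and this one is easy to miss. I would keep `'%s on %s' % (origin_url, fmt_date)` here and escape once where the message is rendered, or at minimum record the contract at this raise with `# NotFoundExc messages are rendered as safe HTML by the error handler; escape any user-controlled value`. I cannot see the exception handler from this diff, so which of the two applies needs confirming. fmt_date is left unescaped, which is only safe if it is always a server-formatted value.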