--- a/templates/confirm.html	Mon Jan 04 15:04:25 2016 +0100
+++ b/templates/confirm.html	Mon Jan 04 15:16:55 2016 +0100
@@ -1,7 +1,7 @@
 [% WRAPPER once.tt %]
 <h1>Download bestätigen</h1>
 <hr />
-Die Datei <em>[% file.name %]</em> ([% file.mimetype %]) 
+Die Datei <em>[% file.name | html %]</em> ([% file.mimetype %]) 
 wird nach Abschluß des Downloads gelöscht werden
 
 <form method='post'>

--- a/templates/inventory.html	Mon Jan 04 15:04:25 2016 +0100
+++ b/templates/inventory.html	Mon Jan 04 15:16:55 2016 +0100
@@ -19,11 +19,11 @@
     </tr>
     [% FOREACH file IN files %]
 	<tr>
-	<td><a href="[% file.link %]">[% file.name %]</a></td>
+	<td><a href="[% file.link | url %]">[% file.name | html %]</a></td>
 	<td align="right">[% file.size %]</td>
 	<td>[% date.format(file.uploaded, "%c") %]</td>
 	<td>[% file.removal.type %]</td>
-	<td><a href="[% file.removal.link %]">remove</a></td>
+	<td><a href="[% file.removal.link | url %]">remove</a></td>
 	</td>
     [% END # foreach %]
     </table>

--- a/templates/not-found.html	Mon Jan 04 15:04:25 2016 +0100
+++ b/templates/not-found.html	Mon Jan 04 15:16:55 2016 +0100
@@ -1,4 +1,4 @@
 [% WRAPPER once.tt %]
 <h1>Sorry</h1>
-Das File <em>[% file.name %]</em> existiert (nicht) mehr.
+Das File <em>[% file.name | html %]</em> existiert (nicht) mehr.
 [% END %]