diff --git a/src/main/scala/gitbucket/core/view/helpers.scala b/src/main/scala/gitbucket/core/view/helpers.scala
index 3b6e815..4e757c7 100644
--- a/src/main/scala/gitbucket/core/view/helpers.scala
+++ b/src/main/scala/gitbucket/core/view/helpers.scala
@@ -250,12 +250,12 @@
    * Generates the url to the repository.
    */
   def url(repository: RepositoryService.RepositoryInfo)(implicit context: Context): String =
-    s"${context.path}/${repository.owner}/${repository.name}"
+    s"${context.path}/${encodeRefName(repository.owner)}/${encodeRefName(repository.name)}"
 
   /**
    * Generates the url to the account page.
    */
-  def url(userName: String)(implicit context: Context): String = s"${context.path}/${StringUtil.urlEncode(userName)}"
+  def url(userName: String)(implicit context: Context): String = s"${context.path}/${encodeRefName(userName)}"
 
   /**
    * Returns the url to the root of assets.
@@ -273,7 +273,7 @@
    * If user does not exist or disabled, this method returns user name as text without link.
    */
   def user(userName: String, mailAddress: String = "", styleClass: String = "")(implicit context: Context): Html =
-    userWithContent(userName, mailAddress, styleClass)(Html(userName))
+    userWithContent(userName, mailAddress, styleClass)(Html(StringUtil.escapeHtml(userName)))
 
   /**
    * Generates the avatar link to the account page.