diff --git a/orchestra/contrib/bills/admin.py b/orchestra/contrib/bills/admin.py
index 7ef0c78e..3d7b9534 100644
--- a/orchestra/contrib/bills/admin.py
+++ b/orchestra/contrib/bills/admin.py
@@ -80,7 +80,6 @@ class BillLineInline(admin.TabularInline):
                 return '<a href="%s" title="%s">%s <img src="%s"></img></a>' % (url, content, total, img)
             return '<a href="%s">%s</a>' % (url, total)
     display_total.short_description = _("Total")
-    display_total.allow_tags = True
 
     def formfield_for_dbfield(self, db_field, **kwargs):
         """ Make value input widget bigger """
diff --git a/orchestra/contrib/orders/admin.py b/orchestra/contrib/orders/admin.py
index 79076067..43838e4f 100644
--- a/orchestra/contrib/orders/admin.py
+++ b/orchestra/contrib/orders/admin.py
@@ -1,9 +1,10 @@
+from datetime import datetime
 from django import forms
 from django.contrib import admin
 from django.urls import reverse, NoReverseMatch
 from django.db.models import Prefetch
 from django.utils import timezone
-from django.utils.html import escape
+from django.utils.html import escape, format_html
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 
@@ -112,9 +113,8 @@ class OrderAdmin(AccountAdminMixin, ExtendedModelAdmin):
     display_cancelled_on = admin_date('cancelled_on')
 
     def display_description(self, order):
-        return order.description[:64]
+        return format_html(order.description[:64])
     display_description.short_description = _("Description")
-    display_description.allow_tags = True
     display_description.admin_order_field = 'description'
 
     def content_object_link(self, order):
@@ -125,13 +125,13 @@ class OrderAdmin(AccountAdminMixin, ExtendedModelAdmin):
                 # Does not has admin
                 return order.content_object_repr
             description = str(order.content_object)
-            return '<a href="{url}">{description}</a>'.format(
+            return format_html('<a href="{url}">{description}</a>',
                 url=url, description=description)
         return order.content_object_repr
     content_object_link.short_description = _("Content object")
-    content_object_link.allow_tags = True
     content_object_link.admin_order_field = 'content_object_repr'
 
+    @mark_safe
     def bills_links(self, order):
         bills = []
         make_link = admin_link()
@@ -139,7 +139,6 @@ class OrderAdmin(AccountAdminMixin, ExtendedModelAdmin):
             bills.append(make_link(line.bill))
         return '<br>'.join(bills)
     bills_links.short_description = _("Bills")
-    bills_links.allow_tags = True
 
     def display_billed_until(self, order):
         billed_until = order.billed_until
@@ -156,12 +155,12 @@ class OrderAdmin(AccountAdminMixin, ExtendedModelAdmin):
                     red = True
             elif billed_until < timezone.now().date():
                 red = True
-        color = 'style="color:red;"' if red else ''
-        return '<span title="{raw}" {color}>{human}</span>'.format(
+        color = mark_safe('style="color:red;"') if red else ''
+        return format_html(
+            '<span title="{raw}" {color}>{human}</span>',
             raw=escape(str(billed_until)), color=color, human=human,
         )
     display_billed_until.short_description = _("billed until")
-    display_billed_until.allow_tags = True
     display_billed_until.admin_order_field = 'billed_until'
 
     def display_metric(self, order):
diff --git a/orchestra/contrib/services/admin.py b/orchestra/contrib/services/admin.py
index b8e20634..ecbe1e2d 100644
--- a/orchestra/contrib/services/admin.py
+++ b/orchestra/contrib/services/admin.py
@@ -4,6 +4,7 @@ from django.contrib import admin
 from django.urls import reverse
 from django.template.response import TemplateResponse
 from django.utils import timezone
+from django.utils.html import format_html
 from django.utils.translation import ugettext_lazy as _
 
 from orchestra.admin import ChangeViewActionsMixin
@@ -69,10 +70,9 @@ class ServiceAdmin(ChangeViewActionsMixin, admin.ModelAdmin):
         num = service.orders__count
         url = reverse('admin:orders_order_changelist')
         url += '?service__id__exact=%i&is_active=True' % service.pk
-        return '<a href="%s">%d</a>' % (url, num)
+        return format_html('<a href="{}">{}</a>', url, num)
     num_orders.short_description = _("Orders")
     num_orders.admin_order_field = 'orders__count'
-    num_orders.allow_tags = True
 
     def get_queryset(self, request):
         qs = super(ServiceAdmin, self).get_queryset(request)
diff --git a/orchestra/contrib/webapps/admin.py b/orchestra/contrib/webapps/admin.py
index 9d93ee6a..12cacb2c 100644
--- a/orchestra/contrib/webapps/admin.py
+++ b/orchestra/contrib/webapps/admin.py
@@ -2,6 +2,7 @@ from django import forms
 from django.contrib import admin
 from django.urls import reverse
 from django.utils.encoding import force_text
+from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext, ugettext_lazy as _
 
 from orchestra.admin import ExtendedModelAdmin
@@ -66,6 +67,7 @@ class WebAppAdmin(SelectPluginAdminMixin, AccountAdminMixin, ExtendedModelAdmin)
 
     display_type = display_plugin_field('type')
 
+    @mark_safe
     def display_websites(self, webapp):
         websites = []
         for content in webapp.content_set.all():
@@ -82,7 +84,6 @@ class WebAppAdmin(SelectPluginAdminMixin, AccountAdminMixin, ExtendedModelAdmin)
             websites.append('<a href="%s">%s%s</a>' % (add_url, plus, ugettext("Add website")))
         return '<br>'.join(websites)
     display_websites.short_description = _("web sites")
-    display_websites.allow_tags = True
 
     def display_detail(self, webapp):
         try:
diff --git a/orchestra/contrib/websites/admin.py b/orchestra/contrib/websites/admin.py
index 8e597d86..a6a68c55 100644
--- a/orchestra/contrib/websites/admin.py
+++ b/orchestra/contrib/websites/admin.py
@@ -3,6 +3,7 @@ from django.contrib import admin
 from django.urls import resolve
 from django.db.models import Q
 from django.utils.encoding import force_text
+from django.utils.html import format_html
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 
@@ -87,9 +88,9 @@ class WebsiteAdmin(SelectAccountAdminMixin, ExtendedModelAdmin):
             domains.append('<a href="%s">%s</a>' % (url, url))
         return '<br>'.join(domains)
     display_domains.short_description = _("domains")
-    display_domains.allow_tags = True
     display_domains.admin_order_field = 'domains'
 
+    @mark_safe
     def display_webapps(self, website):
         webapps = []
         for content in website.content_set.all():
@@ -102,9 +103,9 @@ class WebsiteAdmin(SelectAccountAdminMixin, ExtendedModelAdmin):
                 pass
             url = change_url(webapp)
             name = "%s on %s" % (webapp.name, content.path or '/')
-            webapps.append('<a href="%s" title="%s">%s %s</a>' % (url, detail, name, site_link))
+            webapp_info = format_html('<a href="{}" title="{}">{}</a> {}', url, detail, name, site_link)
+            webapps.append(webapp_info)
         return '<br>'.join(webapps)
-    display_webapps.allow_tags = True
     display_webapps.short_description = _("Web apps")
 
     def formfield_for_dbfield(self, db_field, **kwargs):