diff --git a/uffd/role/templates/role/show.html b/uffd/role/templates/role/show.html
index 09315fd570845f3ef73dc2c09423dc166941e5e4..e468bbda579ea79e4797aa828a731cd1d79f1de8 100644
--- a/uffd/role/templates/role/show.html
+++ b/uffd/role/templates/role/show.html
@@ -14,11 +14,11 @@
 		<a href="{{ url_for("role.index") }}" class="btn btn-secondary">{{_("Cancel")}}</a>
 		{% if role.id %}
 			{% if not role.is_default %}
-			<a href="{{ url_for("role.set_default", roleid=role.id) }}" onClick="return confirm({{_('All non-service users will be removed as members from this role and get its permissions implicitly. Are you sure?')|tojson}});" class="btn btn-secondary">{{_("Set as default")}}</a>
+			<a href="{{ url_for("role.set_default", roleid=role.id) }}" onClick='return confirm({{_("All non-service users will be removed as members from this role and get its permissions implicitly. Are you sure?")|tojson}});' class="btn btn-secondary">{{_("Set as default")}}</a>
 			{% else %}
-			<a href="{{ url_for("role.unset_default", roleid=role.id) }}" onClick="return confirm({{_('Are you sure?')|tojson}});" class="btn btn-secondary">{{_("Unset as default")}}</a>
+			<a href="{{ url_for("role.unset_default", roleid=role.id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});' class="btn btn-secondary">{{_("Unset as default")}}</a>
 			{% endif %}
-			<a href="{{ url_for("role.delete", roleid=role.id) }}"  onClick="return confirm({{_('Are you sure?')|tojson}});" class="btn btn-danger {{ 'disabled' if role.locked }}"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
+			<a href="{{ url_for("role.delete", roleid=role.id) }}"  onClick='return confirm({{_("Are you sure?")|tojson}});' class="btn btn-danger {{ 'disabled' if role.locked }}"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
 		{% else %}
 			<a href="#" class="btn btn-secondary disabled">{{_("Set as default")}}</a>
 			<a href="#" class="btn btn-danger disabled"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
diff --git a/uffd/selfservice/templates/selfservice/self.html b/uffd/selfservice/templates/selfservice/self.html
index 49d1c7a9fd29b65fe9299ab3cd2b46c697878ae7..2ddcc9b4cbd1dcfd44d820559bb0eb20922ad6d9 100644
--- a/uffd/selfservice/templates/selfservice/self.html
+++ b/uffd/selfservice/templates/selfservice/self.html
@@ -120,7 +120,7 @@
 					<td>{{ role.description }}</td>
 					<td>
 						{% if config['ENABLE_ROLESELFSERVICE'] %}
-						<form action="{{ url_for("selfservice.leave_role", roleid=role.id) }}" method="POST" onsubmit="return confirm({{_('Are you sure?')|tojson}});">
+						<form action="{{ url_for("selfservice.leave_role", roleid=role.id) }}" method="POST" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
 							<button type="submit" class="btn btn-sm btn-danger float-right">{{_("Leave")}}</button>
 						</form>
 						{% endif %}
diff --git a/uffd/selfservice/views.py b/uffd/selfservice/views.py
index de79999a96333e9d789ad5b20b9ff55f7a83b23e..dd6b643781299423a244eb12705c79b8257b9abd 100644
--- a/uffd/selfservice/views.py
+++ b/uffd/selfservice/views.py
@@ -144,7 +144,7 @@ def leave_role(roleid):
 	request.user.update_groups()
 	ldap.session.commit()
 	db.session.commit()
-	flash(_('You left role "%(role_name)s"', role_name=role.name))
+	flash(_('You left role %(role_name)s', role_name=role.name))
 	return redirect(url_for('selfservice.index'))
 
 def send_mail_verification(loginname, newmail):
diff --git a/uffd/user/templates/user/show.html b/uffd/user/templates/user/show.html
index 9bf051d24d2ed27124e3ee096ac43bd7aa8c09c1..9fee26bf2da43afcfd341b4071469aef37ca4d22 100644
--- a/uffd/user/templates/user/show.html
+++ b/uffd/user/templates/user/show.html
@@ -8,7 +8,7 @@
 		<a href="{{ url_for("user.index") }}" class="btn btn-secondary">{{_("Cancel")}}</a>
 		{% if user.uid %}
 			<a href="{{ url_for("mfa.admin_disable", uid=user.uid) }}" class="btn btn-secondary">{{_("Reset 2FA")}}</a>
-			<a href="{{ url_for("user.delete", uid=user.uid) }}" onClick="return confirm({{_('Are you sure?')|tojson}});" class="btn btn-danger"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
+			<a href="{{ url_for("user.delete", uid=user.uid) }}" onClick='return confirm({{_("Are you sure?")|tojson}});' class="btn btn-danger"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
 		{% else %}
 			<a href="#" class="btn btn-danger disabled"><i class="fa fa-trash" aria-hidden="true"></i> {{_("Delete")}}</a>
 		{% endif %}