diff --git a/cms/templates/admin/base_site.html b/cms/templates/admin/base_site.html
index d050919de3..953b42d2bf 100644
--- a/cms/templates/admin/base_site.html
+++ b/cms/templates/admin/base_site.html
@@ -7,13 +7,13 @@
 {% block nav-global %}{% endblock %}
 {% block userlinks %}
     {% if site_url %}
-        <a href="{{ site_url }}">{% trans 'View site' %}</a> /
+        <a href="{{ site_url }}">{% trans 'View site' as tmsg%} {{tmsg|force_escape}}</a> /
     {% endif %}
     {% if user.is_active and user.is_staff %}
         {% url 'django-admindocs-docroot' as docsroot %}
         {% if docsroot %}
-            <a href="{{ docsroot }}">{% trans 'Documentation' %}</a> /
+            <a href="{{ docsroot }}">{% trans 'Documentation' as tmsg %} {{tmsg|force_escape}}</a> /
         {% endif %}
     {% endif %}
-    <a href="{% url 'admin:logout' %}">{% trans 'Log out' %}</a>
+    <a href="{% url 'admin:logout' %}">{% trans 'Log out' as tmsg %} {{tmsg|force_escape}}</a>
 {% endblock %}
diff --git a/lms/djangoapps/teams/static/teams/templates/date.underscore b/lms/djangoapps/teams/static/teams/templates/date.underscore
index dcf5083f62..12ef50cdc4 100644
--- a/lms/djangoapps/teams/static/teams/templates/date.underscore
+++ b/lms/djangoapps/teams/static/teams/templates/date.underscore
@@ -1 +1 @@
-<abbr title="<%= date %>"></abbr>
+<abbr title="<%- date %>"></abbr>
diff --git a/lms/djangoapps/teams/static/teams/templates/edit-team-member.underscore b/lms/djangoapps/teams/static/teams/templates/edit-team-member.underscore
index d98af57c0d..b8bc9839c1 100644
--- a/lms/djangoapps/teams/static/teams/templates/edit-team-member.underscore
+++ b/lms/djangoapps/teams/static/teams/templates/edit-team-member.underscore
@@ -1,16 +1,16 @@
 <li class="team-member">
-    <a class="member-profile" href="<%= memberProfileUrl %>">
-        <img class="image-url" src="<%= imageUrl %>" alt="<%= username %>'s profile page" />
+    <a class="member-profile" href="<%= memberProfileUrl /* xss-lint: disable=underscore-not-escaped */%>">
+        <img class="image-url" src="<%= imageUrl /* xss-lint: disable=underscore-not-escaped */%>" alt="<%= username /* xss-lint: disable=underscore-not-escaped */%>'s profile page" />
     </a>
     <div class="member-info-container">
-    	<span class="primary"><%= username %></span>
+    	<span class="primary"><%= username /* xss-lint: disable=underscore-not-escaped */%></span>
     	<div class="secondary">
-    		<span id="date-joined"><%= dateJoined %></span>
+    		<span id="date-joined"><%= dateJoined /* xss-lint: disable=underscore-not-escaped */%></span>
     		<span> | </span>
-    		<span id="last-active"><%= lastActive %></span>
+    		<span id="last-active"><%= lastActive /* xss-lint: disable=underscore-not-escaped */%></span>
     	</div>
     </div>
-    <button class="action-remove-member" data-username="<%= username %>">
-        <%- gettext("Remove") %><span class="sr">&nbsp;<%= username %></span>
+    <button class="action-remove-member" data-username="<%= username /* xss-lint: disable=underscore-not-escaped */%>">
+        <%- gettext("Remove") %><span class="sr">&nbsp;<%= username /* xss-lint: disable=underscore-not-escaped */%></span>
     </button>
 </li>
diff --git a/lms/static/js/views/file_uploader.js b/lms/static/js/views/file_uploader.js
index d897852f95..18c4ef5af7 100644
--- a/lms/static/js/views/file_uploader.js
+++ b/lms/static/js/views/file_uploader.js
@@ -38,7 +38,7 @@
                     return optionVal || default_value;
                 },
                 submitButton, resultNotification;
-
+            // xss-lint: disable=javascript-jquery-html
             this.$el.html(this.template({
                 title: get_option_with_default('title', ''),
                 inputLabel: get_option_with_default('inputLabel', ''),
diff --git a/themes/stanford-style/lms/templates/static_templates/tos.html b/themes/stanford-style/lms/templates/static_templates/tos.html
index ad65e30bce..574b08d44b 100644
--- a/themes/stanford-style/lms/templates/static_templates/tos.html
+++ b/themes/stanford-style/lms/templates/static_templates/tos.html
@@ -1,4 +1,5 @@
 ## mako
+<%page expression_filter="h"/>
 <%!
   from django.utils.translation import ugettext as _
 %>
@@ -27,6 +28,7 @@
 <script>
     $(document).ready(function() {
         var print_tos = '<input type="button" value="Print Terms of Service" class="print">';
+        // xss-lint: disable=javascript-jquery-prepend, javascript-jquery-append
         $('#content section.tos').prepend(print_tos).append(print_tos);
         $('#content section.tos input.print').click(function() {
             window.print();