diff --git a/src/audit.go b/src/audit.go
index 89dfacd..5b6307f 100644
--- a/src/audit.go
+++ b/src/audit.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -115,7 +116,7 @@ func (record *AuditRecord) DescribePrincipal() string {
 func (record *AuditRecord) DescribeResource() string {
 	desc := "<unknown>"
 	if record.Domain != nil && record.Project != nil {
-		desc = fmt.Sprintf("%s/%s", *record.Domain, *record.Project)
+		desc = path.Join(*record.Domain, *record.Project)
 	} else if record.Domain != nil {
 		desc = *record.Domain
 	}
@@ -292,7 +293,7 @@ func (audited *auditedBackend) appendNewAuditRecord(ctx context.Context, record
 			if record.Project == nil {
 				subject = *record.Domain
 			} else {
-				subject = fmt.Sprintf("%s/%s", *record.Domain, *record.Project)
+				subject = path.Join(*record.Domain, *record.Project)
 			}
 			logc.Printf(ctx, "audit %s ok: %s %s\n", subject, id, record.Event.String())
 
diff --git a/src/pages.go b/src/pages.go
index 48ef9cd..c7d8a52 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -67,7 +67,7 @@ func observeSiteUpdate(via string, result *UpdateResult) {
 }
 
 func makeWebRoot(host string, projectName string) string {
-	return fmt.Sprintf("%s/%s", strings.ToLower(host), projectName)
+	return path.Join(strings.ToLower(host), projectName)
 }
 
 func getWebRoot(r *http.Request) (string, error) {
@@ -705,7 +705,7 @@ func postPage(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
-	if event.Ref != fmt.Sprintf("refs/heads/%s", auth.branch) {
+	if event.Ref != path.Join("refs", "heads", auth.branch) {
 		code := http.StatusUnauthorized
 		if strings.Contains(r.Header.Get("User-Agent"), "GitHub-Hookshot") {
 			// GitHub has no way to restrict branches for a webhook, and responding with 401