diff --git a/views/site_files/text_editor.erb b/views/site_files/text_editor.erb
index 1c5bb0cc..c3657647 100644
--- a/views/site_files/text_editor.erb
+++ b/views/site_files/text_editor.erb
@@ -113,7 +113,7 @@ if(unsavedChanges == false) return $.ajax({
- url: '/site_files/save/<%= @filename %>?csrf_token=<%= csrf_token %>',
+ url: '/site_files/save/<%= Rack::Utils.escape @filename %>?csrf_token=<%= Rack::Utils.escape csrf_token %>',
 data: editor.getValue(),
 processData: false,
 contentType: false,
@@ -185,4 +185,4 @@ return true })
-
\ No newline at end of file
+
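Review bot: On the added `url:` line, `Rack::Utils.escape` is form (query-string) encoding applied to a path segment: it keeps a quote or `</script>` in `@filename` from ending the JavaScript string, but it also writes a space as `+` and `/` as `%2F`. Whether the save route decodes those back to the original name is not visible here, so a file in a sub-directory or with a space in its name may end up saved under a different path; a round-trip test with such a name would settle it, and a comment above the line such as `// filename is form-encoded (' ' -> '+', '/' -> '%2F'); the save route must decode both` would record the assumption. The CSRF token also still travels in the query string of the POST, where access logs and intermediaries record it; if the server can read it from a request header instead, that keeps it out of the URL. The `$.ajax` call and its enclosing function start and end outside the hunk.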