diff --git a/app/api.rb b/app/api.rb
index 71b17233..f476003b 100644
--- a/app/api.rb
+++ b/app/api.rb
@@ -106,6 +106,7 @@ post '/api/upload' do
 end
 files.each do |file|
+ file[:filename] = Rack::Utils.unescape file[:filename]
 if !current_site.okay_to_upload?(file)
 api_error 400, 'invalid_file_type', "#{file[:filename]} is not an allowed file type for free sites, supporter required"
 end
diff --git a/models/site.rb b/models/site.rb
index babe693b..5d7af285 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -1428,6 +1428,10 @@ class Site < Sequel::Model
 'https'
 end
+ def self.escape_path(val)
+ Rack::Utils.escape_path(val).gsub('?', '%3F')
+ end
+
 def uri(path=nil)
 uri = "#{default_schema}://#{host}"
@@ -1437,7 +1441,7 @@ class Site < Sequel::Model
 path = path.sub(%r{^/}, '').sub(%r{/index\.html$}, '/').sub(/\.html$/, '')
 unless path.empty?
- escaped_path = Rack::Utils.escape_path(path).gsub('?', '%3F')
+ escaped_path = self.class.escape_path path
 uri += "/#{escaped_path}"
 end
diff --git a/views/site_files/text_editor.erb b/views/site_files/text_editor.erb
index 39582abb..94d34f16 100644
--- a/views/site_files/text_editor.erb
+++ b/views/site_files/text_editor.erb
@@ -89,7 +89,7 @@ Save - View + View '> Share<% if current_site.supporter? %> Penelope (beta)<% end %>
@@ -162,9 +162,9 @@ var formData = new FormData();
 var fileContent = editor.getValue();
- formData.append('<%= escape_javascript @filename %>', new File([fileContent], '<%= escape_javascript @filename %>', { type: 'text/html' }));
- formData.append('csrf_token', '<%= escape_javascript csrf_token %>');
- formData.append('username', '<%= escape_javascript current_site.username %>');
+ formData.append('<%== escape_javascript @filename %>', new File([fileContent], '<%== escape_javascript @filename %>', { type: 'text/html' }));
+ formData.append('csrf_token', '<%== escape_javascript csrf_token %>');
+ formData.append('username', '<%== escape_javascript current_site.username %>');
 $.ajax({
 url: '/api/upload',
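Review bot: `Rack::Utils.unescape` on the added line is not the inverse of the `Rack::Utils.escape_path` this same commit uses to build file URLs: it is form decoding, so a `+` in a filename becomes a space, and a malformed percent sequence (a file literally named `50%.html`) makes `URI.decode_www_form_component` raise ArgumentError, surfacing as a 500 rather than the 400 the check on the next line exists to return. The matching decoder is `Rack::Utils.unescape_path` where the Rack in use provides it, or `URI::DEFAULT_PARSER.unescape`, both of which tolerate a bare `%` and leave `+` alone, so I would change the line to `file[:filename] = Rack::Utils.unescape_path file[:filename]`. Decoding here also means any filename validation that ran while `files` was being built (outside the hunk) saw the encoded form; anything that rejects `..` or `/` must look at the decoded value, which I cannot confirm from this diff. The `files.each` block continues past the hunk.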
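Review bot: `Site.escape_path` needs a comment explaining why `?` alone gets re-encoded, since `Rack::Utils.escape_path` (in Rack 2 a wrapper around `URI::DEFAULT_PARSER.escape`, which the `?` special case already relies on) leaves every URI-reserved character alone, not just `?`, and the next reader will wonder why `&`, `'`, `;`, `=` and `+` are passed through. I would put above the `def`: `# Rack::Utils.escape_path leaves URI-reserved characters untouched; an unencoded "?" inside a path` / `# segment would start the query string, so encode it explicitly. Other reserved characters ("&", "'", ";", "=", "+") are legal in a path and pass through.` The `uri` method that now calls this helper is only partly visible in the hunk below.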
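Review bot: Switching these three `formData.append` lines from `<%=` to `<%==` makes `escape_javascript` the only thing between `@filename` and the `<script>` body, which is safe only if the helper also neutralises `</script` (Rails' version rewrites `</` to `<\/`); the helper is not in this diff, so please confirm, because otherwise a file named `</script><script>…` rendered on the editor page executes in the owner's session. The direction of the change looks right, presumably the old `<%=` form was HTML-escaping on top of the JavaScript escaping and leaving `&#39;` inside the JS string. A short ERB comment above the first `formData.append` would stop the next person from "fixing" it back: `<%# Unescaped output is deliberate: escape_javascript already quotes for a JS string literal; HTML-escaping on top would leave entities in the filename %>`. The enclosing function starts and ends outside the hunk.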
@@ -219,7 +219,7 @@ $(document).ready(function() {
 $.ajax({
- url: "/site_files/download/<%= Rack::Utils.escape(@filename) %>",
+ url: "/site_files/download/<%= Site.escape_path(@filename) %>",
 cache: false,
 success: function(resp) {
 editor = ace.edit("editor")
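Review bot: The new `url:` line keeps `<%=`, which (given the `<%==` switch earlier in this file) HTML-escapes its output, but `Site.escape_path` leaves `&` and `'` unencoded where the replaced `Rack::Utils.escape` turned them into `%26`/`%27`; entities are not decoded inside a `<script>` block, so the download URL for a file named `a&b.html` becomes `/site_files/download/a&amp;b.html` and the request misses. I would make it `url: "/site_files/download/<%== escape_javascript Site.escape_path(@filename) %>",`, consistent with the upload code above; `escape_path` percent-encodes `"`, `\` and `<`, so the value cannot break out of the JS string literal. The `$(document).ready` handler continues outside the hunk.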