diff --git a/app/site_files.rb b/app/site_files.rb
index 1efac13d..02738b95 100644
--- a/app/site_files.rb
+++ b/app/site_files.rb
@@ -116,7 +116,7 @@ post '/site_files/upload' do
file_upload_response "#{file[:filename]} is too large, upload cancelled."
end
if !current_site.okay_to_upload? file
- file_upload_response %{#{file[:filename]}: file type (or content in file) is only supported by supporter accounts. Why We Do This}
+ file_upload_response %{#{Rack::Utils.escape_html file[:filename]}: file type (or content in file) is only supported by supporter accounts. Why We Do This}
end
end
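Review bot: The "too large" message a few lines above still interpolates `file[:filename]` without escaping (`file_upload_response "#{file[:filename]} is too large, upload cancelled."`), so if file_upload_response renders its argument as HTML — which the escaping added in this hunk suggests — that path still reflects a user-supplied filename unescaped. Give it the same treatment: `file_upload_response "#{Rack::Utils.escape_html file[:filename]} is too large, upload cancelled."`. Since the filename is now escaped in more than one message, consider computing it once, e.g. `safe_name = Rack::Utils.escape_html(file[:filename])`, and interpolating `safe_name` in both strings so a future message cannot miss the escape. The enclosing `post '/site_files/upload' do` block and the loop these checks sit in begin outside the hunk.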