diff --git a/app/site_files.rb b/app/site_files.rb
index d63fd90a..1efac13d 100644
--- a/app/site_files.rb
+++ b/app/site_files.rb
@@ -32,7 +32,7 @@ post '/site_files/create' do
   name = current_site.scrubbed_path name
 
   if current_site.file_exists?(name)
-    flash[:error] = %{Web page "#{name}" already exists! Choose another name.}
+    flash[:error] = %{Web page "#{Rack::Utils.escape_html name}" already exists! Choose another name.}
     redirect redirect_uri
   end
 
@@ -67,7 +67,9 @@ post '/site_files/create' do
     site_file.save
   end
 
-  flash[:success] = %{#{name} was created! <a style="color: #FFFFFF; text-decoration: underline" href="/site_files/text_editor/#{name}">Click here to edit it</a>.}
+  escaped_name = Rack::Utils.escape_html name
+
+  flash[:success] = %{#{escaped_name} was created! <a style="color: #FFFFFF; text-decoration: underline" href="/site_files/text_editor/#{escaped_name}">Click here to edit it</a>.}
 
   redirect redirect_uri
 end
diff --git a/views/dashboard.erb b/views/dashboard.erb
index 437ff38c..34910c63 100644
--- a/views/dashboard.erb
+++ b/views/dashboard.erb
@@ -122,7 +122,6 @@
       <div class="upload-Boundary <%= @file_list.length <= 5 ? 'with-instruction' : '' %>">
         <% @file_list.each do |file| %>
           <div class="file filehover">
-            <!-- <input type="checkbox" name="" value="" /> -->
             <% if file[:is_html] && current_site.screenshot_exists?(file[:path], '210x158') %>
               <div class="html-thumbnail html fileimagehover">
                 <img src="<%= current_site.screenshot_url(file[:path], '210x158') %>" alt="">
@@ -160,6 +159,7 @@
             </div>
 
             <div class="overlay">
+              <div id="<%= Digest::SHA256.hexdigest file[:path] %>" style="display: none"><%= file[:path] %></div>
               <% if file[:is_editable] %>
                 <a href="/site_files/text_editor<%= file[:path] %>"><i class="fa fa-edit" title="Edit"></i> Edit</a>
               <% end %>
@@ -167,7 +167,7 @@
                 <a href="?dir=<%= Rack::Utils.escape file[:path] %>"><i class="fa fa-edit" title="Manage"></i> Manage</a>
               <% end %>
               <% if !file[:is_root_index] %>
-                <a href="#" onclick="confirmFileDelete('<%== file[:path].gsub("'", '&apos;') %>')"><i class="fa fa-trash" title="Delete"></i> Delete</a>
+                <a href="#" onclick="confirmFileDelete($('#<%= Digest::SHA256.hexdigest file[:path] %>').text())"><i class="fa fa-trash" title="Delete"></i> Delete</a>
               <% end %>
               <% if file[:is_directory] %>
               <a class="link-overlay" href="?dir=<%= Rack::Utils.escape file[:path] %>" title="View <%= file[:path] %>"></a>
@@ -262,7 +262,7 @@
 <script>
 
   function confirmFileDelete(name) {
-    $('#deleteFileName').html(name.replace('/',''));
+    $('#deleteFileName').text(name.replace('/',''));
     $('#deleteConfirmModal').modal();
   }
 
@@ -305,7 +305,7 @@
         if(file.status == 'error' && file.name.match(/.+\..+/) == null && errorMessage == 'Server responded with 0 code.') {
           alert('Recursive directory upload is only supported by the Chrome web browser.')
         } else {
-          location.href = '/dashboard<%= @dir ? "?dir=#{@dir}" : "" %>'
+          location.href = '/dashboard<%= @dir ? "?dir=#{Rack::Utils.escape @dir}" : "" %>'
         }
       })
 
diff --git a/views/site_files/text_editor.erb b/views/site_files/text_editor.erb
index fcecb0eb..0d2100e4 100644
--- a/views/site_files/text_editor.erb
+++ b/views/site_files/text_editor.erb
@@ -154,40 +154,38 @@
 
   var editor = {}
 
-  $.get('/site_files/download/<%= @filename %>', function(resp) {
-    $(document).ready(function() {
-      $.get('/site_files/download/<%= @filename %>', function(resp) {
-        editor = ace.edit("editor")
-        setTheme()
-        <% if @ace_mode %>
-          editor.getSession().setMode("ace/mode/<%= @ace_mode %>")
-        <% end %>
-        editor.getSession().setTabSize(2)
-        editor.getSession().setUseWrapMode(true)
-        editor.setFontSize(14)
-        editor.setShowPrintMargin(false)
-        editor.setOptions({
-          maxLines: Infinity,
-          autoScrollEditorIntoView: true
-        })
+  $(document).ready(function() {
+    $.get("/site_files/download/<%= Addressable::URI.parse(@filename).normalized_path.to_s %>", function(resp) {
+      editor = ace.edit("editor")
+      setTheme()
+      <% if @ace_mode %>
+        editor.getSession().setMode("ace/mode/<%= @ace_mode %>")
+      <% end %>
+      editor.getSession().setTabSize(2)
+      editor.getSession().setUseWrapMode(true)
+      editor.setFontSize(14)
+      editor.setShowPrintMargin(false)
+      editor.setOptions({
+        maxLines: Infinity,
+        autoScrollEditorIntoView: true
+      })
 
-        // Disable autocomplete
-        editor.setBehavioursEnabled(false)
+      // Disable autocomplete
+      editor.setBehavioursEnabled(false)
 
-        editor.setValue(resp, -1)
+      editor.setValue(resp, -1)
 
-        editor.on('change', function(obj) {
-          $('a#saveButton,a#saveAndExitButton').css('opacity', 1)
-          unsavedChanges = true
-        })
+      editor.on('change', function(obj) {
+        $('a#saveButton,a#saveAndExitButton').css('opacity', 1)
+        unsavedChanges = true
+      })
 
-        editor.commands.addCommand({
-            name: 'saveCommand',
-            bindKey: {win: 'Ctrl-S',  mac: 'Command-S'},
-            exec: function(editor) {
-              saveTextFile(false)
-            }
-        })
+      editor.commands.addCommand({
+          name: 'saveCommand',
+          bindKey: {win: 'Ctrl-S',  mac: 'Command-S'},
+          exec: function(editor) {
+            saveTextFile(false)
+          }
       })
     })
   })