diff --git a/include/class.forms.php b/include/class.forms.php
index 5022a8ce2808fa88c56f52205b66ad5186f08c2b..7d7c585e9e8629ab2d09f74c0f50158dbbab0006 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -4605,7 +4605,7 @@ class FreeTextWidget extends Widget {
             <section class="freetext-files">
             <div class="title"><?php echo __('Related Resources'); ?></div>
             <?php foreach ($attachments->all() as $attach) {
-                $filename = $attach->getFilename();
+                $filename = Format::htmlchars($attach->getFilename());
                 ?>
                 <div class="file">
                 <a href="<?php echo $attach->file->getDownloadUrl(); ?>"
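Review bot: The added line encodes the filename where it is assigned rather than where it is printed, so for the rest of the loop body `$filename` holds HTML-entity text instead of the raw name. The loop body continues past the end of this hunk, so it is not visible whether `$filename` is only echoed as element text; if it is also passed into a URL parameter or another non-HTML context, the encoded value would be wrong there or end up double-encoded. Keeping `$filename = $attach->getFilename();` and escaping at each sink with `<?php echo Format::htmlchars($filename); ?>` keeps the encoding tied to the output context. Separately, the `href` on the last context line still echoes `$attach->file->getDownloadUrl()` unencoded into a quoted attribute; if that URL can carry user-controlled characters (not visible here), it should go through `Format::htmlchars()` as well.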