diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index e349e7704..bef30a977 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -758,6 +758,7 @@ class Context {
 foreach($_FILES as $key => $val) {
 $tmp_name = $val['tmp_name'];
 if(!$tmp_name || !is_uploaded_file($tmp_name)) continue;
+ $val['name'] = htmlspecialchars($val['name']);
 $this->set($key, $val, true);
 $this->is_uploaded = true;
 }
diff --git a/modules/file/file.controller.php b/modules/file/file.controller.php
index 5cabb3bc6..874b267d7 100644
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@@ -512,9 +512,6 @@
 $args->member_srl = $member_srl;
 $args->sid = md5(rand(rand(1111111,4444444),rand(4444445,9999999)));
 
- $security = new Security($args->source_filename);
- $args->source_filename = $security->encodeHTML();
-
 $output = executeQuery('file.insertFile', $args);
 if(!$output->toBool()) return $output;
 // Call a trigger (after)
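Review bot: The added `htmlspecialchars($val['name'])` in the `$_FILES` loop relies on PHP's default flags and charset, which before PHP 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1, so a file name later echoed into a single-quoted attribute is still not neutralised; pass them explicitly, `$val['name'] = htmlspecialchars($val['name'], ENT_QUOTES, 'UTF-8');`. Escaping at request ingestion also means every consumer now receives the HTML-encoded name, so non-HTML uses (extension checks, on-disk names, download headers) and templates that escape again should be checked for `&amp;`-style artefacts. Because the companion hunk in `modules/file/file.controller.php` drops the encode before `file.insertFile`, any path that reads `$_FILES` directly instead of going through Context would presumably store the raw name; a one-line comment here, `// sole HTML-encoding point for uploaded file names; do not read $_FILES directly`, would make that dependency visible. The enclosing method starts and ends outside the hunk.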