diff --git a/build/libifm.php b/build/libifm.php
index 07b043d..8f911f6 100644
--- a/build/libifm.php
+++ b/build/libifm.php
@@ -2272,7 +2272,16 @@ function IFM( params ) {
 		if( $handle = opendir( $start_dir ) ) {
 			while (false !== ( $result = readdir( $handle ) ) ) {
 				if( is_dir( $this->pathCombine( $start_dir, $result ) ) && $result != "." && $result != ".." ) {
-					array_push( $ret, array( "text" => $result, "dataAttributes" => array( "path" => $this->pathCombine( $start_dir, $result ) ), "nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) ) ) );
+					array_push(
+						$ret,
+						array(
+							"text" => htmlspecialchars( $result ),
+							"dataAttributes" => array(
+								"path" => $this->pathCombine( $start_dir, $result )
+							),
+							"nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) )
+						)
+					);
 				}
 			}
 		}
diff --git a/ifm.php b/ifm.php
index ec2fbe3..fce8074 100644
--- a/ifm.php
+++ b/ifm.php
@@ -2272,7 +2272,16 @@ function IFM( params ) {
 		if( $handle = opendir( $start_dir ) ) {
 			while (false !== ( $result = readdir( $handle ) ) ) {
 				if( is_dir( $this->pathCombine( $start_dir, $result ) ) && $result != "." && $result != ".." ) {
-					array_push( $ret, array( "text" => $result, "dataAttributes" => array( "path" => $this->pathCombine( $start_dir, $result ) ), "nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) ) ) );
+					array_push(
+						$ret,
+						array(
+							"text" => htmlspecialchars( $result ),
+							"dataAttributes" => array(
+								"path" => $this->pathCombine( $start_dir, $result )
+							),
+							"nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) )
+						)
+					);
 				}
 			}
 		}
diff --git a/src/main.php b/src/main.php
index bc51b0f..b1e0a59 100644
--- a/src/main.php
+++ b/src/main.php
@@ -324,7 +324,16 @@ f00bar;
 		if( $handle = opendir( $start_dir ) ) {
 			while (false !== ( $result = readdir( $handle ) ) ) {
 				if( is_dir( $this->pathCombine( $start_dir, $result ) ) && $result != "." && $result != ".." ) {
-					array_push( $ret, array( "text" => $result, "dataAttributes" => array( "path" => $this->pathCombine( $start_dir, $result ) ), "nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) ) ) );
+					array_push(
+						$ret,
+						array(
+							"text" => htmlspecialchars( $result ),
+							"dataAttributes" => array(
+								"path" => $this->pathCombine( $start_dir, $result )
+							),
+							"nodes" => $this->getFolderTreeRecursive( $this->pathCombine( $start_dir, $result ) )
+						)
+					);
 				}
 			}
 		}