diff --git a/flask_webgoat/actions.py b/flask_webgoat/actions.py
index 8cf5bbf4..f75e57eb 100644
--- a/flask_webgoat/actions.py
+++ b/flask_webgoat/actions.py
@@ -4,6 +4,7 @@ import subprocess
 from flask import Blueprint, request, jsonify, session
+from werkzeug.utils import secure_filename
 bp = Blueprint("actions", __name__)
@@ -29,10 +30,9 @@ def log_entry():
     if not user_dir_path.exists():
         user_dir_path.mkdir()
-    filename = filename_param + ".txt"
-    path = Path(user_dir + "/" + filename)
+    filename = secure_filename(filename_param) + ".txt"
+    path = Path(user_dir) / filename
     with path.open("w", encoding="utf-8") as open_file:
-        # vulnerability: Directory Traversal
         open_file.write(text_param)
     return jsonify({"success": True})
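Review bot: The new `filename = secure_filename(filename_param) + ".txt"` line in the log_entry hunk does not handle the documented case where `secure_filename` returns an empty string (a name made only of separators, dots or characters it strips), which would silently write to a dotfile named `.txt` inside the user directory and let several distinct inputs collapse onto the same file. The traversal itself is closed, since the sanitised name can no longer contain path separators, but the request should be rejected rather than mapped to a surprising path: `safe_name = secure_filename(filename_param)`, `if not safe_name: return jsonify({"success": False}), 400`, `filename = safe_name + ".txt"`. `Path(user_dir) / filename` is now only as safe as `user_dir`; its origin is not visible here, so confirm it is derived from the session and not from request input. log_entry starts outside the hunk, so the earlier part of the body was not reviewed.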