diff --git a/resources/js/ajax.js b/resources/js/ajax.js
index da70738..221a02c 100644
--- a/resources/js/ajax.js
+++ b/resources/js/ajax.js
@@ -51,7 +51,7 @@ function getDir(query) {
 }
 formUlPth.value = path; // Setup upload path for form
- path = "dirQuery=" + path;
+ path = "dirQuery=" + encodeURIComponent(path);
 process(path);
 }
diff --git a/resources/js/filesystemActions.js b/resources/js/filesystemActions.js
index 30f3d24..6d6f61c 100644
--- a/resources/js/filesystemActions.js
+++ b/resources/js/filesystemActions.js
@@ -1,7 +1,9 @@
+var itemObj = undefined;
+
 function renameItem(obj) {
- var path = document.getElementById("path").innerHTML;
- var oldName = formerFileName;
- var newName = obj.value;
+ var path = encodeURIComponent(document.getElementById("path").innerHTML);
+ var oldName = encodeURIComponent(formerFileName);
+ var newName = encodeURIComponent(obj.value);
 var formData = "renameItem=true&oldName=" + oldName + "&newName=" + newName + "&path=" + path;
 var xhttp = new XMLHttpRequest();
@@ -14,11 +16,12 @@ function renameItem(obj) {
 }
 function createItem(type) {
- var path = document.getElementById("path").innerHTML;
- var newItem = document.getElementById("NewItem");
- var fullPth = path + newItem.value;
- var xhttp = new XMLHttpRequest();
+ var path = document.getElementById("path").innerHTML;
+ var newItem = document.getElementById("NewItem");
+ var fullPth = path + newItem.value;
+ var xhttp = new XMLHttpRequest();
 newItem.value = "";
+ fullPth = encodeURIComponent(fullPth);
 xhttp.open("POST", "resources/php/filesystemActions.php", true);
 xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
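Review bot: `encodeURIComponent(path)` on the added line only makes the value survive the form body intact; it does not neutralise `..` segments or absolute paths, which now arrive faithfully and must still be canonicalised and confined to the allowed root by whatever handles `dirQuery` on the server (that handler is not in this diff, so this is inferred). Reusing `path` for both the directory string and the encoded request body is a point of style worth fixing while here, e.g. `var query = "dirQuery=" + encodeURIComponent(path); process(query);`. getDir's body starts outside the hunk.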
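Review bot: `document.getElementById("path").innerHTML` returns serialised markup, so a path containing `&` or `<` is read as `&amp;`/`&lt;` and that entity-escaped form is what the new `encodeURIComponent` wraps and sends; read the text instead, `var path = encodeURIComponent(document.getElementById("path").textContent);`. The same `innerHTML` read appears in the createItem hunk below and in the deleteItem hunk of this file, so the fix applies there too. `var itemObj = undefined;` is equivalent to the shorter `var itemObj;`, and `formerFileName` appears to be read as a global that is not declared in this hunk, so declaring it alongside `itemObj` would be consistent. renameItem's body continues outside the hunk.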
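Review bot: Four of the removed/re-added lines differ only in indentation, which buries the one real change (`fullPth = encodeURIComponent(fullPth);`) in whitespace churn; a separate formatting commit would keep this one reviewable. Reassigning `fullPth` to its encoded form also makes one variable carry two meanings (filesystem path, then body fragment); `var encodedPth = encodeURIComponent(fullPth);` used where the body is assembled keeps the raw path available for messages. `path + newItem.value` joins the two with no separator, so this presumably relies on `path` ending in a slash — confirm, since a user-typed value containing `/` or `..` becomes part of the path here and is only as safe as the server-side handling of it. createItem's body continues outside the hunk.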
@@ -30,12 +33,12 @@ function startDeleteItem(item) {
 itemObj = item;
 }
-function deleteItem(item) {
+function deleteItem() {
 var path = document.getElementById("path").innerHTML;
- // Clicked yes to delete and there is an item
 if (itemObj != undefined && itemObj != null) {
 var fullPth = path + itemObj;
+ fullPth = encodeURIComponent(fullPth);
 var answer = confirm("Are you sure you want to delete: " + fullPth);
 if (answer == true) {
 var xhttp = new XMLHttpRequest();
diff --git a/resources/js/xmlParser.js b/resources/js/xmlParser.js
index f42bd82..6c12954 100644
--- a/resources/js/xmlParser.js
+++ b/resources/js/xmlParser.js
@@ -1,6 +1,6 @@
 const insertArea = document.getElementById('dynDiv');
-function updateHTMLDirList(returnData) {
+async function updateHTMLDirList(returnData) {
 var dirPath = returnData.getElementsByTagName('PATH_HEAD')[0].innerHTML;
 var dirs = returnData.getElementsByTagName('DIR');
 var videos = returnData.getElementsByTagName('VID_FILE');
diff --git a/resources/php/filesystemActions.php b/resources/php/filesystemActions.php
index 1fddb9a..605f700 100644
--- a/resources/php/filesystemActions.php
+++ b/resources/php/filesystemActions.php
@@ -3,6 +3,9 @@ session_start();
 // Create file or folder
 function createItem($FILE, $TYPE) {
+ $FILE = preg_replace('/[^.[:alnum:]_-]/','_',trim($FILE)); // converting all on alphanumeric chars to _
+ $FILE = preg_replace('/\.*$/','',$FILE); // removing dot . after file extension
+
 if ($TYPE == "dir"){
 mkdir($FILE, 0755);
 } else if ($TYPE == "file") {
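Review bot: `fullPth = encodeURIComponent(fullPth);` runs before the `confirm(...)` on the next line, so the user is asked to confirm deleting a percent-encoded string (spaces as `%20`, non-ASCII names as runs of `%xx`) rather than the path they recognise; keep `var fullPth = path + itemObj;` unencoded for the prompt and apply `encodeURIComponent(fullPth)` only where the request body is assembled, which is outside the hunk. `itemObj != undefined && itemObj != null` is redundant, `itemObj != null` already covers both. Dropping the `item` parameter stays compatible with callers that still pass one, but the item now comes solely from the module-level `itemObj` set by startDeleteItem, so it should be reset after the request is sent to avoid a stale second delete — confirm that happens further down. deleteItem's body continues outside the hunk.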
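Review bot: Marking `updateHTMLDirList` `async` turns any exception in its body — for instance `getElementsByTagName('PATH_HEAD')[0]` being undefined when the response lacks that element — into a rejected promise instead of a synchronous throw, so a caller that neither `await`s nor `.catch`es it loses the error silently; the hunk shows no `await`, so either one exists further down (the body continues outside the hunk) and every caller handles rejection, or `async` should be dropped. A guard is worthwhile either way: `var head = returnData.getElementsByTagName('PATH_HEAD')[0]; if (!head) { throw new Error('response missing PATH_HEAD'); }`.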
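Review bot: After the two `preg_replace` calls `$FILE` can be the empty string — an input that is only whitespace or only dots, `.` and `..` included, reduces to `''` because the second pattern strips every trailing dot — and the `if ($TYPE == "dir")` branch then reaches `mkdir('')`; add `if ($FILE === '') { return; }` (or whatever failure value the callers expect; the rest of the function is outside the hunk) before the type check. The character allowlist also turns `/` into `_`, so if callers pass a directory-qualified path (the JavaScript side sends `path + newItem.value` as one value) the item would be created in the working directory under a mangled name rather than in the target folder — confirm the caller splits off the basename first, or sanitise only `basename($FILE)` and keep the validated directory separate. Any extension and a leading dot are still permitted, so where the result lands relative to the document root decides whether a created file can be served or executed; an extension allowlist is cheap to add here. The first comment should read `// replace all non-alphanumeric chars with _`, and `// strip trailing dots` describes the second line better than "after file extension".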