diff --git a/express_webpack/package.json b/express_webpack/package.json
index 711204cd6..f2fda7f0d 100644
--- a/express_webpack/package.json
+++ b/express_webpack/package.json
@@ -15,7 +15,8 @@
 "express": "^4.17.3",
 "fs": "0.0.1-security",
 "https": "^1.0.0",
- "nodemon": "^1.19.3"
+ "nodemon": "^1.19.3",
+ "sanitize-filename": "^1.6.3"
 },
 "devDependencies": {
 "@babel/core": "^7.6.2",
diff --git a/express_webpack/server.js b/express_webpack/server.js
index 2f062318b..8ce1058f6 100644
--- a/express_webpack/server.js
+++ b/express_webpack/server.js
@@ -2,6 +2,7 @@ const path = require('path');
 const express = require('express');
 const https = require('https');
 const fs = require('fs');
+var sanitize = require("sanitize-filename");
 const app = express(),
 DIST_DIR = __dirname,
 HTML_FILE = path.join(DIST_DIR, 'index.html'),
@@ -17,11 +18,11 @@ app.get('/', (req, res) => {
 })
 app.get('/sdks/web/v16/:file', (req, res) => {
- res.sendFile(SDK_FILES + req.params.file);
+ res.sendFile(SDK_FILES + sanitize(req.params.file));
 });
 app.get('/:file', (req, res) => {
- res.sendFile(req.params.file);
+ res.sendFile(sanitize(req.params.file));
 });
 https.createServer(options, app).listen(4001, () => console.log("express_webpack: listening on port 4001 (https)"));
diff --git a/express_webpack/yarn.lock b/express_webpack/yarn.lock
index 0734125f4..7b37e3784 100644
--- a/express_webpack/yarn.lock
+++ b/express_webpack/yarn.lock
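Review bot: `var sanitize = require("sanitize-filename");` in the first server.js hunk is the only `var` and the only double-quoted module specifier among the `const … = require('…')` lines directly above it. `const sanitize = require('sanitize-filename');` keeps the module-scope binding from being reassigned and matches the file's existing declaration and quoting style.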
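Review bot: In the second server.js hunk, `SDK_FILES + sanitize(req.params.file)` still builds the path by string concatenation, and sanitize-filename returns an empty string for a name consisting only of dots or separators (for example `..`), so such a request hands the SDK directory itself to `res.sendFile`, which fails with EISDIR and surfaces as a 500 rather than a 404; the `/:file` route has the same empty-name gap and additionally passes a bare relative path, which `res.sendFile` rejects with a TypeError unless a `root` option is supplied. Letting Express enforce the directory boundary is the more robust control: `res.sendFile(name, { root: SDK_FILES })` makes the underlying `send` module refuse any path containing a `..` segment regardless of what the sanitizer does, so the third-party library becomes defence in depth rather than the only check. This assumes `SDK_FILES`, declared outside the hunk, is a directory path; if it is a filename prefix, the directory part would need to be separated out for `root`. The rewrite below covers the SDK route, and the same guard plus an explicit `root` applies to `/:file`.
```javascript
app.get('/sdks/web/v16/:file', (req, res) => {
  const name = sanitize(req.params.file);
  // sanitize-filename collapses names such as '..' to '', which must not reach sendFile
  if (name === '') return res.sendStatus(404);
  // root makes Express itself reject any path that would resolve outside SDK_FILES
  res.sendFile(name, { root: SDK_FILES });
});
// … unchanged: '/:file' route (apply the same empty-name guard and an explicit root) …
```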
@@ -4101,6 +4101,13 @@ safe-regex@^1.1.0:
 resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
 integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
+sanitize-filename@^1.6.3:
+ version "1.6.3"
+ resolved "https://registry.yarnpkg.com/sanitize-filename/-/sanitize-filename-1.6.3.tgz#755ebd752045931977e30b2025d340d7c9090378"
+ integrity sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==
+ dependencies:
+ truncate-utf8-bytes "^1.0.0"
+
 schema-utils@^1.0.0:
 version "1.0.0"
 resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-1.0.0.tgz#0b79a93204d7b600d4b2850d1f66c2a34951c770"
@@ -4544,6 +4551,13 @@ touch@^3.1.0:
 dependencies:
 nopt "~1.0.10"
+truncate-utf8-bytes@^1.0.0:
+ version "1.0.2"
+ resolved "https://registry.yarnpkg.com/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz#405923909592d56f78a5818434b0b78489ca5f2b"
+ integrity sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==
+ dependencies:
+ utf8-byte-length "^1.0.1"
+
 tslib@^1.9.0:
 version "1.10.0"
 resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.10.0.tgz#c3c19f95973fb0a62973fb09d90d961ee43e5c8a"
@@ -4710,6 +4724,11 @@ use@^3.1.0:
 resolved "https://registry.yarnpkg.com/use/-/use-3.1.1.tgz#d50c8cac79a19fbc20f2911f56eb973f4e10070f"
 integrity sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==
+utf8-byte-length@^1.0.1:
+ version "1.0.4"
+ resolved "https://registry.yarnpkg.com/utf8-byte-length/-/utf8-byte-length-1.0.4.tgz#f45f150c4c66eee968186505ab93fcbb8ad6bf61"
+ integrity sha512-4+wkEYLBbWxqTahEsWrhxepcoVOJ+1z5PGIjPZxRkytcdSUaNjIjBM7Xn8E+pdSuV7SzvWovBFA54FO0JSoqhA==
+
 util-deprecate@^1.0.1, util-deprecate@~1.0.1:
 version "1.0.2"
 resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"