diff --git a/htdocs/document.php b/htdocs/document.php
index 2b37792d69a..42795ad0909 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -221,7 +221,7 @@ if (! $accessallowed)
 if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
 {
 dol_syslog("Refused to deliver file ".$fullpath_original_file);
- print "ErrorFileNameInvalid: ".$original_file;
+ print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);
 exit;
 }
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 07b69fff2e9..dd367857979 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -232,7 +232,7 @@ if (! $accessallowed)
 if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
 {
 dol_syslog("Refused to deliver file ".$fullpath_original_file);
- print "ErrorFileNameInvalid: ".$original_file;
+ print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);
 exit;
 }
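Review bot: In the refusal branch of htdocs/document.php (and the identical branch in htdocs/viewimage.php), the escaped file name is still printed with whatever status and content type the script set earlier, which neither hunk shows. If nothing was set, the reply is a 200 rendered as HTML, so the escaping call is the only thing keeping the echoed (presumably request-derived) value inert; adding `http_response_code(400);` and `header('Content-Type: text/plain; charset=UTF-8');` before the `print` would give a second layer. The context line `dol_syslog("Refused to deliver file ".$fullpath_original_file);` also writes the rejected path to the log unmodified; whether dol_syslog neutralises line breaks is not visible here and is worth confirming. The code that builds `$original_file` and `$fullpath_original_file` lies outside both hunks.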