diff --git a/server.py b/server.py
index 05d1af04..be2fc056 100644
--- a/server.py
+++ b/server.py
@@ -118,11 +118,15 @@ class PromptServer():
 output_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), type)
 if "subfolder" in request.rel_url.query:
- output_dir = os.path.join(output_dir, request.rel_url.query["subfolder"])
+ full_output_dir = os.path.join(output_dir, request.rel_url.query["subfolder"])
+ if os.path.commonpath((os.path.realpath(full_output_dir), output_dir)) != output_dir:
+ return web.Response(status=403)
+ output_dir = full_output_dir
 file = request.rel_url.query["file"]
 file = os.path.basename(file)
 file = os.path.join(output_dir, file)
+
 if os.path.isfile(file):
 return web.FileResponse(file)