diff --git a/Cargo.toml b/Cargo.toml
index 16be8cd41..0dcce54b0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -64,11 +64,11 @@ cell = ["actix-net/cell"]
 actix = "^0.7.5"
 actix-net = "0.2.0"
 
+askama_escape = "0.1.0"
 base64 = "0.10"
 bitflags = "1.0"
 failure = "^0.1.2"
 h2 = "0.1"
-htmlescape = "0.3"
 http = "^0.1.8"
 httparse = "1.3"
 log = "0.4"
diff --git a/src/fs.rs b/src/fs.rs
index 10cdaff7b..51470846e 100644
--- a/src/fs.rs
+++ b/src/fs.rs
@@ -11,10 +11,10 @@ use std::{cmp, io};
 #[cfg(unix)]
 use std::os::unix::fs::MetadataExt;
 
+use askama_escape::{escape as escape_html_entity};
 use bytes::Bytes;
 use futures::{Async, Future, Poll, Stream};
 use futures_cpupool::{CpuFuture, CpuPool};
-use htmlescape::encode_minimal as escape_html_entity;
 use mime;
 use mime_guess::{get_mime_type, guess_mime_type};
 use percent_encoding::{utf8_percent_encode, DEFAULT_ENCODE_SET};
@@ -561,6 +561,20 @@ impl Directory {
     }
 }
 
+// show file url as relative to static path
+macro_rules! encode_file_url {
+    ($path:ident) => {
+        utf8_percent_encode(&$path.to_string_lossy(), DEFAULT_ENCODE_SET)
+    };
+}
+
+// " -- &quot;  & -- &amp;  ' -- &#x27;  < -- &lt;  > -- &gt;  / -- &#x2f;
+macro_rules! encode_file_name {
+    ($entry:ident) => {
+        escape_html_entity(&$entry.file_name().to_string_lossy())
+    };
+}
+
 fn directory_listing<S>(
     dir: &Directory, req: &HttpRequest<S>,
 ) -> Result<HttpResponse, io::Error> {
@@ -575,11 +589,6 @@ fn directory_listing<S>(
                 Ok(p) => base.join(p),
                 Err(_) => continue,
             };
-            // show file url as relative to static path
-            let file_url = utf8_percent_encode(&p.to_string_lossy(), DEFAULT_ENCODE_SET)
-                .to_string();
-            // " -- &quot;  & -- &amp;  ' -- &#x27;  < -- &lt;  > -- &gt;
-            let file_name = escape_html_entity(&entry.file_name().to_string_lossy());
 
             // if file is a directory, add '/' to the end of the name
             if let Ok(metadata) = entry.metadata() {
@@ -587,13 +596,15 @@ fn directory_listing<S>(
                     let _ = write!(
                         body,
                         "<li><a href=\"{}\">{}/</a></li>",
-                        file_url, file_name
+                        encode_file_url!(p),
+                        encode_file_name!(entry),
                     );
                 } else {
                     let _ = write!(
                         body,
                         "<li><a href=\"{}\">{}</a></li>",
-                        file_url, file_name
+                        encode_file_url!(p),
+                        encode_file_name!(entry),
                     );
                 }
             } else {
diff --git a/src/lib.rs b/src/lib.rs
index 1ed408099..738153fab 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -100,9 +100,9 @@ extern crate failure;
 extern crate lazy_static;
 #[macro_use]
 extern crate futures;
+extern crate askama_escape;
 extern crate cookie;
 extern crate futures_cpupool;
-extern crate htmlescape;
 extern crate http as modhttp;
 extern crate httparse;
 extern crate language_tags;