diff --git a/brouter-server/src/main/java/btools/server/request/ServerHandler.java b/brouter-server/src/main/java/btools/server/request/ServerHandler.java
index 48b508c..9fc4c63 100644
--- a/brouter-server/src/main/java/btools/server/request/ServerHandler.java
+++ b/brouter-server/src/main/java/btools/server/request/ServerHandler.java
@@ -191,7 +191,7 @@ public class ServerHandler extends RequestHandler {
 
     if ( format != null )
     {
-      fileName = ( params.get( "trackname" ) == null ? "brouter" : params.get( "trackname" ) ) + "." + format;
+      fileName = ( params.get( "trackname" ) == null ? "brouter" : params.get( "trackname" ).replaceAll("[^a-zA-Z0-9 \\._\\-]+", "") ) + "." + format;
     }
 
     return fileName;