diff --git a/shabda/web.py b/shabda/web.py
index 2450cda..1c4831f 100644
--- a/shabda/web.py
+++ b/shabda/web.py
@@ -17,6 +17,7 @@
     after_this_request,
 )
 from werkzeug.exceptions import BadRequest, HTTPException
+from werkzeug.utils import secure_filename
 from shabda.dj import Dj
 
 
@@ -146,11 +147,12 @@ def remove_file(response):
 def speech_zip(definition):
     """Download a zip archive"""
     definition = definition.replace(" ", "_")
+    definition_secure = secure_filename(definition)
     try:
         words = dj.parse_definition(definition)
     except ValueError as ex:
         raise BadRequest(ex) from ex
-    tmpfile = tempfile.gettempdir() + "/" + definition + ".zip"
+    tmpfile = os.path.join(tempfile.gettempdir(), definition_secure + ".zip")
     with ZipFile(tmpfile, "w") as zipfile:
         for word, number in words.items():
             samples = dj.list(word, number, soundtype="tts")