diff --git a/server/resource.go b/server/resource.go
index e2c77995..bbf009ed 100644
--- a/server/resource.go
+++ b/server/resource.go
@@ -3,9 +3,9 @@ package server
 import (
 	"encoding/json"
 	"fmt"
-	"html"
 	"io"
 	"net/http"
+	"net/url"
 	"strconv"
 	"time"
 
@@ -249,8 +249,10 @@ func (s *Server) registerResourcePublicRoutes(g *echo.Group) {
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
 		}
-
-		filename := html.UnescapeString(c.Param("filename"))
+		filename, err := url.QueryUnescape(c.Param("filename"))
+		if err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("filename is invalid: %s", c.Param("filename"))).SetInternal(err)
+		}
 		resourceFind := &api.ResourceFind{
 			ID:       &resourceID,
 			Filename: &filename,