diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs
index 6c6174c0bb..0a6bd540fe 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs
@@ -28,7 +28,7 @@ namespace umbraco
             IOHelper.EnsureFileExists(Path.Combine(IOHelper.MapPath(SystemDirectories.Xslt), "web.config"), Files.BlockingWebConfig);
 
             var template = Alias.Substring(0, Alias.IndexOf("|||"));
-            var fileName = Alias.Substring(Alias.IndexOf("|||") + 3, Alias.Length - Alias.IndexOf("|||") - 3).Replace(" ", "");
+            var fileName = Alias.Substring(Alias.IndexOf("|||") + 3, Alias.Length - Alias.IndexOf("|||") - 3);
             if (fileName.ToLowerInvariant().EndsWith(".xslt") == false)
                 fileName += ".xslt";
             var xsltTemplateSource = IOHelper.MapPath(SystemDirectories.Umbraco + "/xslt/templates/" + template);
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs
index 16db1a160f..d60859662b 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs
@@ -66,7 +66,7 @@ namespace umbraco.presentation.create
                     BasePage.Current.getUser(),
                     helper.Request("nodeType"),
                     createMacroVal,
-                    xsltName + "|||" + rename.Text);
+                    xsltName + "|||" + rename.Text.CleanForXss());
 
                 BasePage.Current.ClientTools
                     .ChangeContentFrameUrl(returnUrl)
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs
index fe94628ebe..67eb3c5244 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs
@@ -97,7 +97,7 @@ namespace umbraco.cms.presentation.developer
 
 
 			// Add source and filename
-			var file = IOHelper.MapPath(SystemDirectories.Xslt + "/" + Request.QueryString["file"]);
+			var file = IOHelper.MapPath(SystemDirectories.Xslt + "/" + Request.QueryString["file"].CleanForXss().Replace(" ", ""));
 
 			// validate file
 			IOHelper.ValidateEditPath(file, SystemDirectories.Xslt);
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs
index 954cd3860b..862d249af5 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs
@@ -61,6 +61,8 @@ namespace umbraco.presentation.webservices
         [WebMethod]
         public string SaveXslt(string fileName, string oldName, string fileContents, bool ignoreDebugging)
         {
+            fileName = fileName.CleanForXss();
+
             if (AuthorizeRequest(DefaultApps.developer.ToString()))
             {
                 IOHelper.EnsurePathExists(SystemDirectories.Xslt);
@@ -448,4 +450,4 @@ namespace umbraco.presentation.webservices
         }
 
     }
-}
\ No newline at end of file
+}