diff --git a/wikinote/__init__.py b/wikinote/__init__.py
index 67cd694..c5896fa 100644
--- a/wikinote/__init__.py
+++ b/wikinote/__init__.py
@@ -1,5 +1,5 @@
 # WikiNote3
-# Copyright © 2020 Lee Yingtong Li (RunasSudo)
+# Copyright © 2020, 2022 Lee Yingtong Li (RunasSudo)
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -17,6 +17,7 @@
 from .markup import WNMarkdown
 import flask
+from werkzeug.security import safe_join
 import os
 import pickle
@@ -37,9 +38,9 @@ def get_children(path):
 return os.path.splitext(c)[0]
 children = []
- if os.path.isdir(flask.safe_join('./data/pages', path)):
- for child in os.listdir(flask.safe_join('./data/pages', path)):
- child_path = flask.safe_join('./data/pages', path, child)
+ if os.path.isdir(safe_join('./data/pages', path)):
+ for child in os.listdir(safe_join('./data/pages', path)):
+ child_path = safe_join('./data/pages', path, child)
 if child.startswith('_'):
 continue
@@ -80,7 +81,7 @@ def index_page():
 @app.route('/page/')
 def page_view(path):
- fname = flask.safe_join('./data/pages', path) + '.md'
+ fname = safe_join('./data/pages', path) + '.md'
 if os.path.islink(fname):
 redir_page = '/'.join(path.split('/')[:-1]) + '/' + os.path.splitext(os.readlink(fname))[0]
@@ -133,7 +134,7 @@ def page_view(path):
 @app.route('/preview/')
 def page_preview(path):
- fname = flask.safe_join('./data/pages', path) + '.md'
+ fname = safe_join('./data/pages', path) + '.md'
 if not os.path.exists(fname):
 return ''
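Review bot: `werkzeug.security.safe_join` returns `None` when the joined path would leave the base directory, whereas the removed `flask.safe_join` raised `NotFound`, and none of the new call sites check for that. In `get_children` the result goes straight into `os.path.isdir()` and `os.listdir()`, and in `page_view` and `page_preview` it is concatenated with `'.md'`, so a rejected path should now surface as a `TypeError` (HTTP 500) rather than a 404; the lookup still fails closed, but the response and the logged error change. Split the call and test the result before using it, e.g. `fname = safe_join('./data/pages', path)` followed by `if fname is None: flask.abort(404)` and only then `fname += '.md'`. The same unchecked pattern appears in `image_view`, `image_about`, the `refs` loop of `cli_index`, `DirectiveInclude.render` and `make_role_ref`. `get_children` starts before this hunk and continues past it.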
@@ -175,12 +176,12 @@ def page_preview(path):
 @app.route('/image/')
 def image_view(name):
- fname = flask.safe_join(os.getcwd(), './data/images', name[0].upper(), name)
+ fname = safe_join(os.getcwd(), './data/images', name[0].upper(), name)
 return flask.send_file(fname)
 @app.route('/image//about')
 def image_about(name):
- fname = flask.safe_join(os.getcwd(), './data/images', name[0].upper(), os.path.splitext(name)[0] + '.md')
+ fname = safe_join(os.getcwd(), './data/images', name[0].upper(), os.path.splitext(name)[0] + '.md')
 with(open(fname, 'r')) as f:
 page_source = f.read()
@@ -220,10 +221,10 @@ def cli_index():
 base_path = './data/pages'
 for dirpath, dirnames, filenames in os.walk(base_path):
 for fname in filenames:
- if fname.endswith('.md') and not os.path.islink(flask.safe_join(dirpath, fname)):
+ if fname.endswith('.md') and not os.path.islink(safe_join(dirpath, fname)):
 page_path = dirpath[len(base_path)+1:] + '/' + fname[:-3]
- with(open(flask.safe_join(dirpath, fname), 'r')) as f:
+ with(open(safe_join(dirpath, fname), 'r')) as f:
 page_source = f.read()
 md = WNMarkdown()
 md.convert(page_source)
@@ -234,7 +235,7 @@ def cli_index():
 tags[tag].append({'kind': 'page', 'path': page_path})
 for ref in md.meta.get('refs', []):
- fname_ref = flask.safe_join('./data/pages', ref) + '.md'
+ fname_ref = safe_join('./data/pages', ref) + '.md'
 if os.path.islink(fname_ref):
 ref = '/'.join(ref.split('/')[:-1]) + '/' + os.path.splitext(os.readlink(fname_ref))[0]
@@ -249,7 +250,7 @@ def cli_index():
 if fname.endswith('.md'):
 continue
- md_path = flask.safe_join(dirpath, os.path.splitext(fname)[0] + '.md')
+ md_path = safe_join(dirpath, os.path.splitext(fname)[0] + '.md')
 if os.path.exists(md_path):
 with(open(md_path, 'r')) as f:
 page_source = f.read()
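Review bot: In the `@@ -220,10` hunk of `cli_index`, both `safe_join(dirpath, fname)` calls join values that come from `os.walk`, not from a request, so the traversal check adds nothing and the code reads as if `fname` were untrusted input. `os.path.join(dirpath, fname)` states the intent and cannot return `None`; the same applies to `md_path` in the `@@ -249,7` hunk and to the `open(...)` call in `cli_redlinks`. `safe_join` remains the right call for `fname_ref`, because `ref` is read from page metadata via `md.meta.get('refs', [])`. `cli_index` begins before this hunk and continues after it.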
@@ -280,7 +281,7 @@ def cli_redlinks():
 if fname.endswith('.md'):
 page_path = dirpath[len(base_path)+1:] + '/' + fname[:-3]
- with(open(flask.safe_join(dirpath, fname), 'r')) as f:
+ with(open(safe_join(dirpath, fname), 'r')) as f:
 page_source = f.read()
 md = WNMarkdown()
 md.convert(page_source)
diff --git a/wikinote/markup_custom.py b/wikinote/markup_custom.py
index a92e926..35c3083 100644
--- a/wikinote/markup_custom.py
+++ b/wikinote/markup_custom.py
@@ -1,5 +1,5 @@
 # WikiNote3
-# Copyright © 2020 Lee Yingtong Li (RunasSudo)
+# Copyright © 2020, 2022 Lee Yingtong Li (RunasSudo)
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -15,6 +15,7 @@
 # along with this program. If not, see .
 import flask
+from werkzeug.security import safe_join
 import os.path
 import re
@@ -83,7 +84,7 @@ directives['lastmod'] = DirectiveLastmod
 class DirectiveInclude(Directive):
 def render(self):
 el = DirectiveElement('div')
- with open(flask.safe_join('./data', self.arg), 'r') as f:
+ with open(safe_join('./data', self.arg), 'r') as f:
 self.md.parser.parseChunk(el, f.read())
 return el
@@ -109,7 +110,7 @@ def make_role_ref(is_upper):
 # Link
 a = ET.SubElement(el, 'a')
- if os.path.exists(flask.safe_join('./data/pages', path + '.md')):
+ if os.path.exists(safe_join('./data/pages', path + '.md')):
 a.set('class', 'ref')
 else:
 a.set('class', 'ref redlink')
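Review bot: `DirectiveInclude.render` confines `self.arg` to `./data`, which is wider than the `./data/pages` root used for page lookups, so an include directive can presumably read any file under the data directory and parse it into the rendered page. If includes are meant to come from a dedicated subtree, narrow the base directory; if the wide base is intended, record it with a comment such as `# include target comes from page markup; safe_join confines it to ./data`. The `open()` call also passes no `encoding`, so decoding depends on the process locale; `open(..., 'r', encoding='utf-8')` would make it deterministic, assuming the pages are stored as UTF-8.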