diff --git a/src/pyff/mdx.py b/src/pyff/mdx.py
index 2d00bbcd..f729aee2 100644
--- a/src/pyff/mdx.py
+++ b/src/pyff/mdx.py
@@ -71,6 +71,7 @@
 from .i18n import language
 from . import samlmd
 import six
+from cgi import escape
 
 if six.PY2:
     _ = language.ugettext
@@ -576,8 +577,8 @@ def _d(x, do_split=True):
                     pdict['search'] = "/search/"
                     pdict['list'] = "/role/idp.json"
                 else:
-                    pdict['search'] = "{}.s".format(path)
-                    pdict['list'] = "{}.json".format(path)
+                    pdict['search'] = "{}.s".format(escape(path, quote=True))
+                    pdict['list'] = "{}.json".format(escape(path, quote=True))
 
                 pdict['storage'] = "/storage/"
                 cherrypy.response.headers['Content-Type'] = 'text/html'