diff --git a/src/main/java/app/save/FileActions.java b/src/main/java/app/save/FileActions.java
index bbdb56b..b5cad06 100644
--- a/src/main/java/app/save/FileActions.java
+++ b/src/main/java/app/save/FileActions.java
@@ -25,7 +25,10 @@ static void unpack(File jarFile, File destinationFile) throws IOException {
 Enumeration enumEntries = jar.entries();
 while (enumEntries.hasMoreElements()) {
 JarEntry file = (JarEntry) enumEntries.nextElement();
- File f = new File(destinationFile.getPath() + File.separator + file.getName());
+ File f = new File(destinationFile.getPath(), file.getName());
+ if (!f.toPath().normalize().startsWith(destinationFile.getPath())) {
+ throw new RuntimeException("Bad zip entry");
+ }
 if (f.getParentFile().mkdirs()) ;
 if (file.isDirectory()) {
 f.mkdir();
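Review bot: The new containment check normalizes `f` but compares it against the raw `destinationFile.getPath()`, so its result depends on how the caller spelled the destination. A destination of `.` or one containing `./` or `dir/..` segments makes every legitimate entry fail, and a relative destination that begins with `..` can let an entry with `../` segments still satisfy `startsWith`. Normalize both sides against one absolute root computed once before the loop, `Path root = destinationFile.toPath().toAbsolutePath().normalize();`, then test `Path target = root.resolve(file.getName()).normalize();` with `if (!target.startsWith(root))` and build `f` from `target.toFile()`. Since `unpack` already declares `throws IOException`, throwing `new IOException("Jar entry escapes destination: " + file.getName())` would keep the failure on the path callers already handle and would name the offending entry. The body of `unpack` starts and ends outside this hunk, so whether the `JarFile` is closed on this new throw path could not be checked here.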