diff --git a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
index c5edc192..f4e147a5 100644
--- a/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
+++ b/src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs
@@ -92,9 +92,13 @@ public async Task<IActionResult> OnPostAnalyzeMessagesAsync()
             return RedirectToPage();
         }
 
-        public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
+       public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
         {
-            string destFileName = Path.Combine(destDirectory, entry.FullName);
+            string destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.FullName));
+            string fullDestDirPath = Path.GetFullPath(destDirectory + Path.DirectorySeparatorChar);
+            if (!destFileName.StartsWith(fullDestDirPath)) {
+                throw new System.InvalidOperationException("Entry is outside the target dir: " + destFileName);
+            }
             entry.ExtractToFile(destFileName);
         }
     }