diff --git a/frappe/core/doctype/file/file.py b/frappe/core/doctype/file/file.py
index 3308572299..ebf884daa1 100755
--- a/frappe/core/doctype/file/file.py
+++ b/frappe/core/doctype/file/file.py
@@ -436,9 +436,6 @@ class File(Document):
 		else:
 			self.file_name = re.sub(r"/", "", self.file_name)
 
-		# Escape HTML characters in file name
-		self.file_name = escape_html(self.file_name)
-
 	def generate_content_hash(self):
 		if self.content_hash or not self.file_url or self.is_remote_file:
 			return
diff --git a/frappe/core/doctype/file/file_list.js b/frappe/core/doctype/file/file_list.js
new file mode 100644
index 0000000000..94ec9760cf
--- /dev/null
+++ b/frappe/core/doctype/file/file_list.js
@@ -0,0 +1,7 @@
+frappe.listview_settings["File"] = {
+	formatters: {
+		file_name: function (value) {
+			return frappe.utils.escape_html(value || "");
+		},
+	},
+};
diff --git a/frappe/public/js/frappe/views/file/file_view.js b/frappe/public/js/frappe/views/file/file_view.js
index dff7e1b893..ecc6e90187 100644
--- a/frappe/public/js/frappe/views/file/file_view.js
+++ b/frappe/public/js/frappe/views/file/file_view.js
@@ -213,6 +213,7 @@ frappe.views.FileView = class FileView extends frappe.views.ListView {
 			title = d.file_name || d.file_url;
 		}
 
+		title = frappe.utils.escape_html(title);
 		title = title.slice(0, 60);
 		d._title = title;
 		d.icon_class = icon_class;