diff --git a/CHANGELOG b/CHANGELOG
index ea9faac..e02fa73 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ innoextract 1.8 (WIP)
  - Added support for installers using an alternative setup loader magic
  - Added support for using boost_{zlib,bzip2} when statically linking Boost
  - Fixed extracting files from slices larger than 2 GiB with 32-bit builds
+ - Fixed output path for files with absolute paths (canonicalization now strips all unsafe characters)
 
 innoextract 1.7 (2018-06-12)
  - Added support for Inno Setup 5.6.0 installers
diff --git a/src/setup/filename.cpp b/src/setup/filename.cpp
index fe4fa28..41660e7 100644
--- a/src/setup/filename.cpp
+++ b/src/setup/filename.cpp
@@ -79,7 +79,9 @@ std::string filename_map::expand_variables(it & begin, it end, bool close) const
 		while(pos != end && *pos != '{' && *pos != '}') {
 			++pos;
 		}
+		ptrdiff_t obegin = ptrdiff_t(result.size());
 		result.append(begin, pos);
+		result.erase(std::remove_if(result.begin() + obegin, result.end(), is_unsafe_path_char()), result.end());
 		begin = pos;
 		
 		if(pos == end) {