diff --git a/NEWS b/NEWS index 30bdc523..e1af60cb 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,9 @@ shiny-server 1.5.16 * Upgrade Node.js to 12.20.0. +* Fix issue with Unicode characters being escaped incorrectly in directory + listings. + shiny-server 1.5.15 -------------------------------------------------------------------------------- diff --git a/lib/router/directory-router.js b/lib/router/directory-router.js index 1c21ef2e..14085acc 100644 --- a/lib/router/directory-router.js +++ b/lib/router/directory-router.js @@ -67,7 +67,7 @@ function DirectoryRouter(root, runas, dirIndex, prefix, logdir, settings, var suffix = pathname.substring(prefix.length); // Disallow hidden path elements, ".", and ".." - if (/\/\./.test(unescape(pathname)) || + if (/\/\./.test(decodeURIComponent(pathname)) || (this.$blacklist && this.$blacklist.exec(suffix))) { render.sendPage(res, 403, 'Forbidden', { template: 'error-403', @@ -162,7 +162,7 @@ function DirectoryRouter(root, runas, dirIndex, prefix, logdir, settings, } var indexPath = path.normalize(path.join( - self.$root, unescape(this.path), 'index.html')); + self.$root, decodeURIComponent(this.path), 'index.html')); fs.exists(indexPath, function(exists) { if (exists) { @@ -201,7 +201,7 @@ function DirectoryRouter(root, runas, dirIndex, prefix, logdir, settings, }; this.$autoindex_p = function(req, res, apath, filter) { - var unescapedPath = unescape(apath); + var unescapedPath = decodeURIComponent(apath); var dirpath = path.normalize(path.join(this.$root, unescapedPath)); var self = this; return Q.nfcall(fs.readdir, dirpath) @@ -240,7 +240,7 @@ function DirectoryRouter(root, runas, dirIndex, prefix, logdir, settings, return _.map(names, function(name) { return { name: name, - url: escape(name) + url: encodeURIComponent(name) }; }); } 
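Review bot: `decodeURIComponent(pathname)` in the hidden-path check throws `URIError` on malformed percent-encoding, where `unescape` never threw, so a request path with a bad escape now raises an exception before the 403 test runs. Nothing visible in the hunk catches it; unless a caller outside the hunk does, this is a request-triggered error path worth closing by treating an undecodable path as rejected. The same applies to the `indexPath` hunk, the `$autoindex_p` hunk (where the decode runs synchronously, before the `Q.nfcall` promise chain starts) and `extractUnescapedDirs`. The fence shows a non-throwing decode helper and the guard using it; `DirectoryRouter` starts and ends outside the hunk.

```javascript
// Returns null instead of throwing URIError on malformed percent-encoding.
function tryDecodeURIComponent(s) {
  try {
    return decodeURIComponent(s);
  } catch (err) {
    return null;
  }
}

// … unchanged: var suffix = pathname.substring(prefix.length); …
var decodedPathname = tryDecodeURIComponent(pathname);
// Disallow undecodable paths, hidden path elements, ".", and ".."
if (decodedPathname === null || /\/\./.test(decodedPathname) ||
    (this.$blacklist && this.$blacklist.exec(suffix))) {
// … unchanged: render.sendPage(res, 403, 'Forbidden', …) …
```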
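Review bot: `url: encodeURIComponent(name)` leaves `'`, `(`, `)`, `!` and `*` unencoded, whereas the `escape` it replaces turned `'` into `%27`, so a file name containing a single quote now reaches the listing template verbatim. The template is not visible here; if it writes `url` into an HTML attribute without HTML-escaping, that is an output-encoding regression for names chosen by whoever can create files under the served directory. Either confirm the template escapes the value or keep the quote encoded, e.g. `url: encodeURIComponent(name).replace(/'/g, '%27')`. The enclosing function starts and ends outside the hunk.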
@@ -421,7 +421,7 @@ function extractUnescapedDirs(p) { // This can happen if p ends with /, since we match on $ if (lastpos > p.length) break; - element = unescape(p.substring(lastpos, m.index)); + element = decodeURIComponent(p.substring(lastpos, m.index)); lastpos = m.index + 1; // empty? ignore.