diff --git a/lib/Timmy.php b/lib/Timmy.php
index 23f3e85..23d16f2 100644
--- a/lib/Timmy.php
+++ b/lib/Timmy.php
@@ -438,7 +438,7 @@ public function filter_image_downsize( $return, $attachment_id, $size ) {
 // When media files are requested through an AJAX call, an action will be present in $_POST.
 $action = is_admin() && isset( $_POST['action'] )
- ? filter_var( $_POST['action'], FILTER_SANITIZE_STRING )
+ ? htmlspecialchars( $_POST['action'] )
 : false;
 $attachment = get_post( $attachment_id );
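Review bot: The added `htmlspecialchars( $_POST['action'] )` call has no type check in front of it, so a request that submits `action` as an array reaches it and raises a TypeError on PHP 8, whereas the removed `filter_var()` call returned false for that input. HTML-encoding is also an output-context escape rather than input validation, so it does not constrain the value. How `$action` is compared later is outside this hunk, but if it is only matched against known AJAX action names, a key sanitizer is the better fit. I would guard the type and normalise the value: `$action = is_admin() && isset( $_POST['action'] ) && is_string( $_POST['action'] )` followed by `? sanitize_key( wp_unslash( $_POST['action'] ) )`. The body of filter_image_downsize() starts and continues outside the hunk.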