diff --git a/electron/fileError.html b/electron/fileError.html
new file mode 100644
index 000000000..7a119b5f0
--- /dev/null
+++ b/electron/fileError.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Bitburner</title>
+    <style>
+      body {
+        background-color: black;
+        color: #0c0;
+        margin: 0;
+      }
+
+      div {
+        height: 100vh;
+        display: flex;
+        justify-content: center;
+        align-items: center;
+      }
+
+      h1 {
+        text-align: center;
+      }
+    </style>
+  </head>
+  <body>
+    <div>
+      <h1>Attempts to access local files outside the normal game environment will be directed to this file.</h1>
+    </div>
+  </body>
+</html>
diff --git a/electron/fileError.txt b/electron/fileError.txt
deleted file mode 100644
index 795ac7ae2..000000000
--- a/electron/fileError.txt
+++ /dev/null
@@ -1 +0,0 @@
-Attempts to access local files outside the normal game environment will be directed to this file.
diff --git a/electron/main.js b/electron/main.js
index ac16a33a3..02c937443 100644
--- a/electron/main.js
+++ b/electron/main.js
@@ -29,6 +29,7 @@ const debounce = require("lodash/debounce");
 const Store = require("electron-store");
 const store = new Store();
 const path = require("path");
+const { realpathSync } = require("fs");
 const { fileURLToPath } = require("url");
 
 log.transports.file.level = store.get("file-log-level", "info");
@@ -201,13 +202,18 @@ app.on("ready", async () => {
   // Intercept file protocol requests and only let valid requests through
   protocol.interceptFileProtocol("file", ({ url, method }, callback) => {
     const filePath = fileURLToPath(url);
-    const relativePath = path.relative(__dirname, filePath);
-    //only provide html files in same directory, or anything in dist
-    if ((method === "GET" && relativePath.startsWith("dist")) || relativePath.match(/^[a-zA-Z-_]*\.html/)) {
-      return callback(filePath);
+    const realPath = realpathSync(filePath);
+    const relativePath = path.relative(__dirname, realPath);
+    // Only allow access to files in "dist" folder or html files in the same directory
+    if (method === "GET" && (relativePath.startsWith("dist") || relativePath.match(/^[a-zA-Z-_]*\.html/))) {
+      callback(realPath);
+      return;
     }
-    log.error(`Tried to access a page outside the sandbox. Url: ${url}. Method: ${method}.`);
-    callback(path.join(__dirname, "fileError.txt"));
+    log.error(
+      `Tried to access a page outside the sandbox. Url: ${url}. FilePath: ${filePath}. RealPath: ${realPath}.` +
+        ` __dirname: ${__dirname}. RelativePath: ${relativePath}. Method: ${method}.`,
+    );
+    callback(path.join(__dirname, "fileError.html"));
   });
 
   log.info("Application is ready!");