diff --git a/modules/models/base_model.py b/modules/models/base_model.py
index 98ff8806..d504794d 100644
--- a/modules/models/base_model.py
+++ b/modules/models/base_model.py
@@ -1113,6 +1113,9 @@ def delete_chat_history(self, filename):
 # if user access control is not enabled, user_name is empty, don't check
 assert os.path.basename(os.path.dirname(history_file_path)) == self.user_name or self.user_name == ""
 assert os.path.basename(os.path.dirname(md_history_file_path)) == self.user_name or self.user_name == ""
+ # check if history file path is in history directory
+ assert os.path.realpath(history_file_path).startswith(os.path.realpath(HISTORY_DIR))
+ assert os.path.realpath(md_history_file_path).startswith(os.path.realpath(HISTORY_DIR))
 try:
 os.remove(history_file_path)
 os.remove(md_history_file_path)
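Review bot: The two added containment checks compare resolved paths with a plain string `startswith`, so a sibling directory whose name merely begins with the history directory's name (a constructed example: `history_backup` next to `history`) still passes. Compare on a path boundary instead, e.g. `os.path.commonpath([root, os.path.realpath(history_file_path)]) == root` with `root = os.path.realpath(HISTORY_DIR)`, and likewise for `md_history_file_path`. The checks are also written as `assert`, which Python removes under `-O` / `PYTHONOPTIMIZE`, so the guard before `os.remove` disappears in an optimized run; an explicit `if not ...: raise ValueError("history path outside HISTORY_DIR")` keeps it in force. The same applies to the pre-existing `user_name` asserts just above, which are also skipped when `user_name` is empty, leaving the new check as the only path confinement in that mode. The body of `delete_chat_history` starts and ends outside this hunk, so how the paths are built from `filename` and which exception type callers handle should be confirmed there.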