diff --git a/src/accounting/report/utils/csv_export.py b/src/accounting/report/utils/csv_export.py
index ff77576..613df51 100644
--- a/src/accounting/report/utils/csv_export.py
+++ b/src/accounting/report/utils/csv_export.py
@@ -22,6 +22,7 @@ from abc import ABC, abstractmethod
 from datetime import timedelta, date
 from decimal import Decimal
 from io import StringIO
+from urllib.parse import quote
 
 from flask import Response
 
@@ -53,7 +54,7 @@ def csv_download(filename: str, rows: list[BaseCSVRow]) -> Response:
         fp.seek(0)
         response: Response = Response(fp.read(), mimetype="text/csv")
         response.headers["Content-Disposition"] \
-            = f"attachment; filename={filename}"
+            = f"attachment; filename={quote(filename)}"
         return response
 
 
diff --git a/tests/test_report.py b/tests/test_report.py
index f14e187..0d34317 100644
--- a/tests/test_report.py
+++ b/tests/test_report.py
@@ -132,6 +132,12 @@ class ReportTestCase(unittest.TestCase):
         response = client.get(f"{PREFIX}/search?q=Salary&as=csv")
         self.assertEqual(response.status_code, 403)
 
+        response = client.get(f"{PREFIX}/search?q=薪水")
+        self.assertEqual(response.status_code, 403)
+
+        response = client.get(f"{PREFIX}/search?q=薪水&as=csv")
+        self.assertEqual(response.status_code, 403)
+
     def test_viewer(self) -> None:
         """Test the permission as viewer.
 
@@ -221,6 +227,14 @@ class ReportTestCase(unittest.TestCase):
         self.assertEqual(response.headers["Content-Type"],
                          "text/csv; charset=utf-8")
 
+        response = client.get(f"{PREFIX}/search?q=薪水")
+        self.assertEqual(response.status_code, 200)
+
+        response = client.get(f"{PREFIX}/search?q=薪水&as=csv")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.headers["Content-Type"],
+                         "text/csv; charset=utf-8")
+
     def test_editor(self) -> None:
         """Test the permission as editor.
 
@@ -310,6 +324,14 @@ class ReportTestCase(unittest.TestCase):
         self.assertEqual(response.headers["Content-Type"],
                          "text/csv; charset=utf-8")
 
+        response = self.client.get(f"{PREFIX}/search?q=薪水")
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.get(f"{PREFIX}/search?q=薪水&as=csv")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.headers["Content-Type"],
+                         "text/csv; charset=utf-8")
+
     def test_empty_db(self) -> None:
         """Tests the empty database.