diff --git a/src/main/java/org/olat/core/commons/modules/bc/commands/CmdServeResource.java b/src/main/java/org/olat/core/commons/modules/bc/commands/CmdServeResource.java
index e643a57cbb9cf054ea41931cc4892183e7403cf3..a3778f2fff6536dc1b3a4c84f0bf86b594a13229 100644
--- a/src/main/java/org/olat/core/commons/modules/bc/commands/CmdServeResource.java
+++ b/src/main/java/org/olat/core/commons/modules/bc/commands/CmdServeResource.java
@@ -119,6 +119,9 @@ public class CmdServeResource implements FolderCommand {
 						smr.setContentType(mimetype);
 						smr.setEncoding(enc);
 						smr.setData(page);
+						if(forceDownload) {
+							smr.setDownloadable(true, vfsfile.getName());
+						}
 						mr = smr;
 					} else {
 						// found a new charset other than iso-8859-1 -> let it load again
diff --git a/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java b/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
index 3d994d8aac5b36666ae23fb8b9a787012d082b6e..7efb164c94217829168883726e63df9c96af1978 100644
--- a/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
+++ b/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
@@ -33,6 +33,7 @@ import java.util.List;
 import org.olat.core.CoreSpringFactory;
 import org.olat.core.commons.modules.bc.FileSelection;
 import org.olat.core.commons.modules.bc.FolderConfig;
+import org.olat.core.commons.modules.bc.FolderModule;
 import org.olat.core.commons.modules.bc.meta.MetaInfo;
 import org.olat.core.commons.modules.bc.meta.tagged.MetaTagged;
 import org.olat.core.gui.components.form.flexible.impl.NameValuePair;
@@ -46,6 +47,7 @@ import org.olat.core.logging.OLog;
 import org.olat.core.logging.Tracing;
 import org.olat.core.util.Formatter;
 import org.olat.core.util.StringHelper;
+import org.olat.core.util.WebappHelper;
 import org.olat.core.util.vfs.AbstractVirtualContainer;
 import org.olat.core.util.vfs.NamedContainerImpl;
 import org.olat.core.util.vfs.VFSConstants;
@@ -83,6 +85,7 @@ public class ListRenderer {
 	/** View thumbnail */
 	public static final String PARAM_SERV_THUMBNAIL = "servthumb";
 
+	private FolderModule folderModule;
 	private VFSLockManager lockManager;
 	private UserManager userManager;
  	
@@ -110,6 +113,9 @@ public class ListRenderer {
 		if(userManager == null) {
 			userManager = CoreSpringFactory.getImpl(UserManager.class);
 		}
+		if(folderModule == null) {
+			folderModule = CoreSpringFactory.getImpl(FolderModule.class);
+		}
 
 		List<VFSItem> children = fc.getCurrentContainerChildren();
 		// folder empty?
@@ -248,7 +254,22 @@ public class ListRenderer {
 			} else { // for files, add PARAM_SERV command
 				sb.append(" href=\"");
 				ubu.buildURI(sb, new String[] { PARAM_SERV }, new String[] { "x" }, pathAndName, AJAXFlags.MODE_NORMAL);
-				sb.append("\" target=\"_blank\" download=\"").append(name).append("\"");
+				sb.append("\"");
+
+				boolean download = folderModule.isForceDownload();
+				if (!download) {
+					// additional check if not an html or txt page. Only HTML pages are
+					// displayed in browser, all other should be downloaded
+					String mimeType = WebappHelper.getMimeType(name);
+					if (mimeType != null && !"text/html".equals(mimeType) && !"application/xhtml+xml".equals(mimeType)) {
+						download = true;
+					}					
+				}
+				if (download) {
+					sb.append(" download=\"").append(StringHelper.escapeHtml(name)).append("\"");					
+				} else {					
+					sb.append(" target=\"_blank\"");
+				}
 			}
 			sb.append(">");
 
diff --git a/src/main/java/org/olat/core/gui/media/StringMediaResource.java b/src/main/java/org/olat/core/gui/media/StringMediaResource.java
index 67f6f3eab5dae3106e236834f4c889ccdee44e95..47682f506158514490617339f9b05eb6bb662ad3 100644
--- a/src/main/java/org/olat/core/gui/media/StringMediaResource.java
+++ b/src/main/java/org/olat/core/gui/media/StringMediaResource.java
@@ -43,6 +43,8 @@ public class StringMediaResource extends DefaultMediaResource {
 	//default - if no encoding is specified we assume iso latin
 	private String encoding = "iso-8859-1";
 	private String data;
+	private boolean downloadable = false;
+	private String downloadFileName = null;
 	
 	@Override
 	public boolean acceptRanges() {
@@ -87,10 +89,30 @@ public class StringMediaResource extends DefaultMediaResource {
 		hres.setHeader("Pragma", "no-cache");
 		hres.setDateHeader("Expires", 0);
 		//
+		if (downloadable && downloadFileName != null) {
+			String filename = StringHelper.urlEncodeUTF8(downloadFileName);
+			hres.setHeader("Content-Disposition", "attachment; filename*=UTF-8''" + filename);
+		}
 	}
 	
 	@Override
 	public String toString() {
 		return data;
 	}
+
+	/**
+	 * Set to true to force the browser to download the resource. This is done
+	 * by set the content-disposition to attachment
+	 * 
+	 * NOTE: make sure when writing the link to properly set the target or
+	 * download attribute depending on the mime-type or the downloadable nature
+	 * of the file!
+	 * 
+	 * @param downloadable true: set to download; false: let browser decide
+	 * @param downloadFileName name of the attachment if downloadable set to true
+	 */
+	public void setDownloadable(boolean downloadable, String downloadFileName) {
+		this.downloadable = downloadable;
+		this.downloadFileName = downloadFileName;		
+	}
 }
\ No newline at end of file
diff --git a/src/main/java/org/olat/core/util/vfs/VFSMediaResource.java b/src/main/java/org/olat/core/util/vfs/VFSMediaResource.java
index 26e2b2f86c17463e1e39a59ab8845688af148fc9..bff3bd0ee1f3f12b17a7cf7f768caea0046885a3 100644
--- a/src/main/java/org/olat/core/util/vfs/VFSMediaResource.java
+++ b/src/main/java/org/olat/core/util/vfs/VFSMediaResource.java
@@ -112,7 +112,7 @@ public class VFSMediaResource implements MediaResource {
 	@Override
 	public void prepare(HttpServletResponse hres) {
 		String filename = StringHelper.urlEncodeUTF8(vfsLeaf.getName());
-		if (unknownMimeType) {
+		if (unknownMimeType || downloadable) {
 			hres.setHeader("Content-Disposition", "attachment; filename*=UTF-8''" + filename);
 		} else {
 			hres.setHeader("Content-Disposition", "filename*=UTF-8''" + filename);
@@ -135,6 +135,20 @@ public class VFSMediaResource implements MediaResource {
 		this.encoding = encoding;
 	}
 	
+	/**
+	 * Set to true to force the browser to download the resource. This is done by 
+	 * a) set the content-disposition to attachment
+	 * b) set the mime-type to some non-existing mime-type for browser-executable, 
+	 * xss-relevant resource such as html files. Since the browser does not 
+	 * understand the mime-type, the file gets downloaded instead of executed. 
+	 * 
+	 * NOTE: make sure when writing the link to properly set the target or 
+	 * download attribute depending on the mime-type or the downloadable nature
+	 * of the file!
+	 * 
+	 * @param downloadable true: force browser to download; false: let browser
+	 * decide, might render inline in browser window
+	 */
 	public void setDownloadable(boolean downloadable) {
 		this.downloadable = downloadable;
 	}