diff --git a/index.js b/index.js
index 6d6b688..3afbb05 100644
--- a/index.js
+++ b/index.js
@@ -14,6 +14,11 @@ var http = require("http"),
 port = process.argv[2] || 8888;
 http.createServer(function(request, response) {
+ if (path.normalize(decodeURI(request.url)) !== decodeURI(request.url)) {
+ response.statusCode = 403;
+ response.end();
+ return;
+ }
 var uri = url.parse(request.url).pathname
 , filename = path.join(process.cwd(), 'pages\\' + uri);
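Review bot: The added guard calls `decodeURI(request.url)` with no error handling, so a request with malformed percent-encoding raises `URIError` inside the handler, and unless something outside this hunk catches it the process exits. The guard also tests the whole request URL (query string included) while `filename` is built from the undecoded `url.parse(request.url).pathname`, so the string that is checked is not the string that is opened; and where `path.normalize` rewrites `/` to `\` (Windows, which the `'pages\\'` literal suggests is the target) the comparison would fail for ordinary URLs too. A containment check on the final joined path is the more dependable control: decode the pathname once inside a try/catch, join it under the pages directory, and reject anything that does not stay under that root. The handler continues past the end of the hunk, so the rest of it is assumed to keep using `filename`.

```javascript
http.createServer(function(request, response) {
  var root = path.join(process.cwd(), 'pages');
  var uri, filename;
  try {
    uri = decodeURIComponent(url.parse(request.url).pathname);
  } catch (e) {
    // malformed percent-encoding: answer 400 instead of letting URIError escape the handler
    response.statusCode = 400;
    response.end();
    return;
  }
  // path.join collapses ".." segments, so the check below sees the path that will be opened
  filename = path.join(root, uri);
  if (filename !== root && filename.indexOf(root + path.sep) !== 0) {
    response.statusCode = 403;
    response.end();
    return;
  }
  // … unchanged: rest of the request handler, outside the hunk …
```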