diff --git a/assets/js/lib/three/utils/servers/simplehttpserver.js b/assets/js/lib/three/utils/servers/simplehttpserver.js
index 25af726..0f2b78b 100755
--- a/assets/js/lib/three/utils/servers/simplehttpserver.js
+++ b/assets/js/lib/three/utils/servers/simplehttpserver.js
@@ -23,6 +23,11 @@ var port = 8000,
 port = process.argv[2] ? parseInt(process.argv[2], 0) : port;
 function handleRequest(request, response) {
+ if (path.normalize(decodeURIComponent(urlObject.pathname)) !== decodeURIComponent(urlObject.pathname)) {
+ response.statusCode = 403;
+ response.end();
+ return;
+ }
 var urlObject = urlParser.parse(request.url, true);
 var pathname = decodeURIComponent(urlObject.pathname);
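Review bot: The added guard reads `urlObject.pathname` before `var urlObject = urlParser.parse(request.url, true);` has run, so with `var` hoisting `urlObject` is still undefined at that point and every request throws a TypeError instead of being checked. Move the check below the two existing declarations and reuse the decoded value, `if (path.normalize(pathname) !== pathname) {`, which also avoids decoding the path twice. Comparing against `path.normalize` is a fragile traversal test as well: on Windows it rewrites `/` to `\`, so every request would get a 403. Resolving the requested path against the served root directory and rejecting anything that does not stay inside it is the more robust check. The body of handleRequest continues outside the hunk, so how `pathname` is later joined to the file system path is not visible here.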