diff --git a/base/js/jquery/cookie/server.js b/base/js/jquery/cookie/server.js
index 5dcb4c73..d927ac0d 100644
--- a/base/js/jquery/cookie/server.js
+++ b/base/js/jquery/cookie/server.js
@@ -4,6 +4,11 @@ var http = require('http'),
 fs = require('fs');
 http.createServer(function(request, response) {
+ if (path.normalize(decodeURI(request.url)) !== decodeURI(request.url)) {
+ response.statusCode = 403;
+ response.end();
+ return;
+ }
 var uri = url.parse(request.url).pathname,
 filename = path.join(process.cwd(), uri);
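Review bot: `decodeURI(request.url)` in the added guard throws a `URIError` on a malformed percent-escape, and nothing visible in the handler catches it, so one bad request line would likely bring the server process down instead of getting a 403. The guard also tests a different string from the one that is opened: it normalizes the decoded full URL (query string included) with the platform `path.normalize`, while `filename` is built from the undecoded `pathname`. On Windows `path.normalize` rewrites `/` to `\`, so every request would compare unequal and be refused. Checking that the joined `filename` stays under `process.cwd()` avoids these problems and needs no decoding; a sketch follows. The handler body continues outside the hunk, so whether `filename` is decoded later is not visible here.

```javascript
http.createServer(function(request, response) {
  var root = process.cwd(),
      uri = url.parse(request.url).pathname,
      filename = path.join(root, uri),
      rel = path.relative(root, filename);
  // Validate the path that is actually opened: it must resolve inside root.
  if (rel === '..' || rel.indexOf('..' + path.sep) === 0 || path.isAbsolute(rel)) {
    response.statusCode = 403;
    response.end();
    return;
  }
  // … unchanged: rest of the handler (outside the hunk) …
```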