diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index ad60d21..02e643c 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -15,6 +15,18 @@ def test_page_that_doesnt_exist(client):
 assert response.status_code == 404
 
 
+def test_files_outside_pages_do_not_get_served(client):
+ """Test that page pathing doesn't break out of the instance/pages/ dir."""
+ response = client.get('/../unreachable')
+ assert response.status_code == 400
+
+
+def test_weird_paths_do_not_get_served(client):
+ """Test that we clean up requests as desired."""
+ response = client.get('/../../')
+ assert response.status_code == 400
+
+
 def test_page_with_title_metadata(client):
 """Test that a page with title metadata has its title written."""
 response = client.get('/')
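Review bot: Both new tests cover only a literal `..` segment at the very start of the path, so a regression in how the handler treats a traversal that begins inside a valid subdirectory, or one that arrives percent-encoded, would not be caught here. The two tests have identical bodies apart from the URL, so they could be folded into one parametrized test, e.g. `@pytest.mark.parametrize('path', ['/../unreachable', '/../../'])` (assuming pytest, which the `client` fixture suggests), with further cases added once the expected status for each is confirmed against the handler, which is not visible in this hunk. The docstring of `test_weird_paths_do_not_get_served` says requests are cleaned up, but the assertion is that the request is rejected; `"""Test that a path made only of parent-directory segments is rejected with 400."""` would match what is checked.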