diff --git a/lib/jekyll/page.rb b/lib/jekyll/page.rb
index 469dbb53..b2dfe361 100644
--- a/lib/jekyll/page.rb
+++ b/lib/jekyll/page.rb
@@ -135,7 +135,7 @@ module Jekyll
 #
 # Returns the destination file path String.
 def destination(dest)
- path = File.join(dest, self.url)
+ path = File.join(dest, File.expand_path(self.url, "/"))
 path = File.join(path, "index.html") if self.url =~ /\/$/
 path
 end
diff --git a/test/source/exploit.md b/test/source/exploit.md
new file mode 100644
index 00000000..c3f77d1b
--- /dev/null
+++ b/test/source/exploit.md
@@ -0,0 +1,5 @@
+---
+permalink: /%2e%2e/%2e%2e/%2e%2e/baddie.html
+---
+
+# Test
diff --git a/test/test_filters.rb b/test/test_filters.rb
index 0d1da02f..4b5c8212 100644
--- a/test/test_filters.rb
+++ b/test/test_filters.rb
@@ -131,7 +131,7 @@ class TestFilters < Test::Unit::TestCase
 assert_equal 2, g["items"].size
 when ""
 assert g["items"].is_a?(Array), "The list of grouped items for '' is not an Array."
- assert_equal 5, g["items"].size
+ assert_equal 6, g["items"].size
 end
 end
 end
diff --git a/test/test_page.rb b/test/test_page.rb
index 1147a63d..8924aeec 100644
--- a/test/test_page.rb
+++ b/test/test_page.rb
@@ -124,6 +124,16 @@ class TestPage < Test::Unit::TestCase
 assert_equal @page.permalink, @page.url
 assert_equal "/about/", @page.dir
 end
+
+ should "not be writable outside of destination" do
+ unexpected = File.expand_path("../../../baddie.html", dest_dir)
+ File.delete unexpected if File.exist?(unexpected)
+ page = setup_page("exploit.md")
+ do_render(page)
+ page.write(dest_dir)
+
+ assert !File.exist?(unexpected)
+ end
 end
 
 context "with specified layout of nil" do
diff --git a/test/test_site.rb b/test/test_site.rb
index 2d45ea7c..aeaeba6c 100644
--- a/test/test_site.rb
+++ b/test/test_site.rb
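Review bot: `File.expand_path` on the added line also expands a leading `~`, so the normalisation is only traversal-safe as long as `self.url` is guaranteed to start with `/`; if a permalink could ever reach `destination` as `~user/...`, it would be resolved against that user's home directory (or raise ArgumentError for an unknown user) instead of being pinned under `/`. Anchoring the value before normalising removes that dependency on the caller: `path = File.join(dest, File.expand_path(File.join("/", self.url)))`. The intent also deserves a why-comment so the call is not "simplified" away later: `# Normalise "." / ".." so a crafted permalink cannot write outside dest`. Note this only protects the write path; `url` itself still carries the traversal, which presumably still reaches other consumers (directory creation, link generation) — worth confirming. The trailing-slash test on the next line reading the raw `self.url` is correct, since `expand_path` strips a trailing `/`.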
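Review bot: The new `should "not be writable outside of destination"` test only asserts that the escape did not happen; it never asserts the page was written anywhere, so a regression where `write` silently skips or fails on this page passes as well. Assuming the fixture's `%2e%2e` is URL-decoded before it reaches `url`, the normalised destination is `baddie.html` directly under the destination, so add `assert File.exist?(File.join(dest_dir, "baddie.html"))` after the existing assertion. The pre-test `File.delete` also shows that, before the fix, running the suite would have dropped a file three directories above `dest_dir`; if `dest_dir` is not already a per-run temp directory (cannot tell from here), using one would contain that side effect.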
@@ -157,7 +157,7 @@ class TestSite < Test::Unit::TestCase
 should "sort pages alphabetically" do
 stub.proxy(Dir).entries { |entries| entries.reverse }
 @site.process
- sorted_pages = %w(.htaccess about.html bar.html contacts.html deal.with.dots.html foo.md index.html index.html properties.html sitemap.xml symlinked-file)
+ sorted_pages = %w(.htaccess about.html bar.html contacts.html deal.with.dots.html exploit.md foo.md index.html index.html properties.html sitemap.xml symlinked-file)
 assert_equal sorted_pages, @site.pages.map(&:name)
 end
 