Add test to ensure no traversal

spec/scss_converter_spec.rb

@@ -251,7 +251,8 @@ def converter(overrides = {})
           "sass"   => {
             "load_paths" => [
               "bower_components/*",
-              Dir.tmpdir
+              Dir.tmpdir,
+              "../.."
             ]
           }
         }))
@@ -264,6 +265,13 @@ def converter(overrides = {})
       it "ignores external load paths" do
         expect(converter.sass_load_paths).not_to include(Dir.tmpdir)
       end
+
+      it "does not allow traversing outside source directory" do
+        converter.sass_load_paths.each do |path|
+          expect(path).to include(source_dir)
+          expect(path).not_to include('..')
+        end
+      end
     end
   end
 end