diff --git a/qubesmanager/backup_utils.py b/qubesmanager/backup_utils.py
index b822395..d595e6a 100644
--- a/qubesmanager/backup_utils.py
+++ b/qubesmanager/backup_utils.py
@@ -210,6 +210,8 @@ def get_path_for_vm(vm, service_name):
 if len(untrusted_path) == 0:
 return None
 if path_re.match(untrusted_path):
+ assert '../' not in untrusted_path
+ assert '\0' not in untrusted_path
 return untrusted_path.strip()
 else:
 return None
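Review bot: The two added `assert` statements are the only traversal and NUL-byte guard on `untrusted_path` in this branch, and Python strips asserts when run with `-O`, so the check would silently disappear in optimized mode. When an assert does fire, it raises `AssertionError` instead of taking the `return None` rejection path used by the rest of the function. An explicit test keeps the validation unconditional and consistent: `if '../' in untrusted_path or '\0' in untrusted_path: return None`. The substring `'../'` also does not cover a path that is exactly `..` or ends in `/..`; whether `path_re` already excludes those cannot be seen here, so comparing path components against `'..'` would be safer. The function body and the definition of `path_re` start outside the hunk.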