Make sure that nobody can "hack" the path parameter when browsing docs

[everzet]

Our path requirement in documentation routes is currently path: '.*\.html'. I'm not sure it's very secure, but I can't think of any hacks people can apply there. Feel free to chime in and slap me in the face with some possible way to hack it, so we can patch it before going live.

[stof]

this is OK IMO (once we solve #24 to avoid conflicts between the extensions doc and the behat doc)

[stof]

hmm, we should forbid people to send something like .. in the path to go outside the doc though