Character Limitations

The following characters are banned to avoid XSS-attacks and SQL-injections (note that some sets overlap)

Character SetReason

< >

Not allowed in XSS compatible strings

' " \n \r \ ; & | ! \0 % ` < > ? $ ~

Not allowed in strings that may be used in db queries

" \n \r \ ; & | ! \0 % ` < > ? $ ~

Not allowed in strings that may be used in db queries, assuming single quote is escaped

\0 \n \r / \\ ? % $ * : ; | \" \' ` < >

Not allowed in filenames

', \" \\ + < > ; = # <space>

Characters that are allowed to be escaped in strings according to RFC 2253, section 2.4 lists. We also allow '=' to be escaped.