diff --git a/www/%participant_id/index.html b/www/%participant_id/index.html
index de63c2b5d4..649f2434f5 100644
--- a/www/%participant_id/index.html
+++ b/www/%participant_id/index.html
@@ -281,7 +281,7 @@
function success(d)
{
- window.location.href = "/" + encodeURI(d.participant_id) + "/";
+ window.location.href = "/" + encodeURIComponent(d.participant_id) + "/";
}
function error(e)
{
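Review bot: The new line `window.location.href = "/" + encodeURIComponent(d.participant_id) + "/";` should carry a comment saying why encodeURIComponent is required here, because the previous encodeURI looked reasonable and a later edit could quietly revert it. encodeURI leaves `/`, `?`, `#`, `;`, `:` and `@` unescaped, so an id containing one of them would escape the single path segment this redirect intends (a `?` would turn the rest of the id into a query string, a `/` would add a segment); encodeURIComponent escapes all of them and keeps the whole id inside one segment. Suggested comment: `// encodeURIComponent, not encodeURI: the id must stay one path segment, so "/", "?", "#", ";", ":" and "@" have to be escaped.` This is not academic, since the server-side allow-list in participant_id.json in this same commit permits `;`, `:` and `@`.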
@@ -297,8 +297,9 @@
}
else
{
- alert( "Sorry, something went wrong. :-( Try again "
- + "later?");
+ alert( "Sorry, something went wrong. Either you used "
+ + "disallowed characters or something broke on "
+ + "our end.");
}
}
jQuery.ajax(
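Review bot: The new alert text at lines 19–21 tells the user they may have used disallowed characters whatever actually failed, because this `else` branch handles every non-success outcome alike; the enclosing `error(e)` starts outside the hunk, so I cannot see which cases the branch above it already takes. The server side of this commit answers 400 for a rejected character and 413 for an over-long id, so the handler can be precise by branching on the response status before falling back to the generic text, e.g. `else if (e.status === 400) { alert("Sorry, that participant id contains characters we don't allow."); } else if (e.status === 413) { alert("Sorry, that participant id is too long."); }`. That keeps the generic "something broke on our end" message for genuine server failures instead of blaming the user for them. The shape of `e` is not visible here; this assumes jQuery's error callback, whose first argument is the jqXHR object carrying `status`.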
diff --git a/www/%participant_id/participant_id.json b/www/%participant_id/participant_id.json
index 23e9cfc3a5..b67aff9062 100644
--- a/www/%participant_id/participant_id.json
+++ b/www/%participant_id/participant_id.json
@@ -2,6 +2,12 @@ from aspen import Response
from gittip import db
from psycopg2 import IntegrityError
+ALLOWED_ASCII = set("0123456789"
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ ".,-_;:@ ")
+
+
# ========================================================================== ^L
if user.ANON:
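Review bot: ALLOWED_ASCII at lines 32–35 is a per-character allow-list and nothing in this hunk constrains the id as a whole, so, as far as the loop in the next hunk is visible, an empty id, an id made only of spaces, or one made only of dots (`.`, `..`) passes; the id later becomes a URL path segment (`/<id>/`), where `.` and `..` are resolved by clients and servers into a different path. Unless the part of the validation cut off below already covers it, a whole-value check belongs next to the loop, e.g. `if not new_participant_id.strip(" ."): raise Response(400)`. A one-line comment on the constant would make the split explicit: `# Per-character allow-list; whole-value rules (non-empty, not only dots/spaces) are checked separately.` Minor style point: `string.ascii_letters + string.digits` would replace the three spelled-out literals and make the remaining punctuation set stand out.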
@@ -18,8 +24,11 @@ new_participant_id = request.body['participant_id']
for i, c in enumerate(new_participant_id):
if i == 32:
raise Response(413) # Request Entity Too Large (more or less)
- if ord(c) < 32:
+ elif ord(c) < 128 and c not in ALLOWED_ASCII:
raise Response(400) # Yeah, no.
+ elif c not in ALLOWED_ASCII:
+ raise Response(400) # XXX Burned by an Aspen bug. :`-(
+ # https://github.com/whit537/aspen/issues/102
# Persist