diff --git a/src/PowerIdPDisco.php b/src/PowerIdPDisco.php
index 82cd127..be67e51 100644
--- a/src/PowerIdPDisco.php
+++ b/src/PowerIdPDisco.php
@@ -5,6 +5,7 @@
 namespace SimpleSAML\Module\discopower;
 
 use Exception;
+use SimpleSAML\Assert\Assert;
 use SimpleSAML\Auth;
 use SimpleSAML\Configuration;
 use SimpleSAML\Logger;
@@ -337,6 +338,13 @@ public function handleRequest(): void
         $t->data['rememberenabled'] = $this->config->getOptionalBoolean('idpdisco.enableremember', false);
         $t->data['rememberchecked'] = $this->config->getOptionalBoolean('idpdisco.rememberchecked', false);
         foreach (array_keys($idpList) as $tab) {
+            Assert::regex(
+                $tab,
+                '/^[a-z_][a-z0-9_-]+$/',
+                'Tags can contain alphanumeric characters, hyphens and underscores.'
+                . ' They must start with a A-Z or an underscore.',
+            );
+
             $translatableTag = "{discopower:tabs:$tab}";
             if ($translator::translateSingularGettext($translatableTag) === $translatableTag) {
                 $t->data['tabNames'][$tab] = $translator::noop($tab);