<p>Were any examples of arbitrary command execution given? I don't see how, currently, this can be done.</p>

<p>The reason I didn't limit field entries to alphanumeric is that I don't know how well this would work with internationalization and translation. Obviously, we can't limit entries to A-Za-z0-9 when a user doesn't even use the same character set. Unless I can get some advice on how to do this in a context-sensitive way, I don't know how to fix this issue.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href='https://github.com/opentechinstitute/commotion-apps/issues/10#issuecomment-24100770'>view it on GitHub</a>.<img src='https://github.com/notifications/beacon/HSS0tS4nfORw_XnPQF8f0R9-ISaFJ03XHVPP8fW6oLMdXZG-npfZi1d5LOZ59Vou.gif' height='1' width='1'></p><img src="http://sgmail.github.com/wf/open?upn=uoQOw53Jnd2odJf4vBwXdWVdsaw-2BPa0VRjcdx3LMVfATjxaQBv8edoyMEqHfXtFUPmKB-2F8sgGa24Mp4i4zepwXbps3iwil4vNe9XfbmlY0JzwBSf8rlFts-2BS728cHzXqS5AdU-2F8qduHlfP3U-2FsRJDIADBWAc-2Bqd6KAKcTss6jz-2FVb13Rxwy-2Bl8kVn-2FfXibpiyX3-2FQsW0fIfXvZg8xqTlSwQnSW2yx-2FDVrdyySCSET78-3D" alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"/>