diff --git a/app/models/user.rb b/app/models/user.rb
index 273cc209b7fad6658b969c96cc0ff4c647b12331..343cc2d76d210fd6e72b51429f453e58af5bf7f6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -43,8 +43,7 @@ class User
   before_validation :strip_username, :on => :create
   validates_presence_of :username
   validates_uniqueness_of :username, :case_sensitive => false
-  validates_format_of :username, :without => /\s/
-
+  validates_format_of :username, :with => /\A[A-Za-z0-9_.]+\z/ 
   validates_with InvitedUserValidator
 
   one :person, :class_name => 'Person', :foreign_key => :owner_id
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index ed3008b840d44eb75971502e6ed404a3b4621cd1..351d5347cea13e592f134a174fad3c548a32e8bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -73,6 +73,11 @@ describe User do
         user = Factory.build(:user, :username => "bobby tables")
         user.should_not be_valid
       end
+
+      it 'can not contain non url safe characters' do
+        user = Factory.build(:user, :username => "kittens;")
+        user.should_not be_valid
+      end
     end
 
     describe "of email" do