Safe Characters for File Names
* ASCII Characters
0-9 A-Z a-z
Space ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ `
{ | } ~ (33 specials)
* Bourne shell metacharacters
Space | & ; ( ) < > Newline Tab
* Other significant characters
? [ ] $ { } ` \ ' " * ! #
* WWW Security FAQ
The World Wide Web Security FAQ (<
http://www.w3.org/Security/Faq/>)
gives the following list of unsafe characters (for all user-supplied
text passed to a shell):
& ; ` ' \ " | * ? ~ < > ^ ( ) [ ] { } $ NEWLINE RETURN
This excludes '~' and '^', which I had considered safe, and permits
'!', '#', SPACE, and TAB, which I considered problematic.
I'll take a cautious approach and exclude the new characters the FAQ
considers problematic in addition to the ones I identified myself.
* Safe characters
Most unix systems place no restrictions on valid characters for file
names. However non-printing and other characters are inconvenient for
file manipulation, and shell metacharacters in text processed by the
shell can pose a security risk. Therefore safe characters are
alphanumerics and a conservatively selected subset of special
characters.
0-9 A-Z a-z
% + , - . / : = @ _ (10 specials)