diff --git a/NEWS b/NEWS
index 31c2b87b..59b02114 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 1.1.0, unknown release date
 - Made URI validator more forgiving: will ignore leading and trailing
   quotes, apostrophes and less than or greater than signs.
+- Enforce alphanumeric namespace and directive names for configuration.
 
 1.0.1, unknown release date
 - Fixed slight bug in DOMLex attribute parsing
diff --git a/library/HTMLPurifier/ConfigDef.php b/library/HTMLPurifier/ConfigDef.php
index fb47aef1..5800acd1 100644
--- a/library/HTMLPurifier/ConfigDef.php
+++ b/library/HTMLPurifier/ConfigDef.php
@@ -86,6 +86,11 @@ class HTMLPurifier_ConfigDef {
                 E_USER_ERROR);
             return;
         }
+        if (!ctype_alnum($name)) {
+            trigger_error('Directive name must be alphanumeric',
+                E_USER_ERROR);
+            return;
+        }
         if (isset($def->info[$namespace][$name])) {
             if (
                 $def->info[$namespace][$name]->type !== $type ||
@@ -127,6 +132,11 @@ class HTMLPurifier_ConfigDef {
             trigger_error('Cannot redefine namespace', E_USER_ERROR);
             return;
         }
+        if (!ctype_alnum($namespace)) {
+            trigger_error('Namespace name must be alphanumeric',
+                E_USER_ERROR);
+            return;
+        }
         $def->info[$namespace] = array();
         $def->info_namespace[$namespace] = new HTMLPurifier_ConfigEntity_Namespace();
         $backtrace = debug_backtrace();
diff --git a/tests/HTMLPurifier/ConfigDefTest.php b/tests/HTMLPurifier/ConfigDefTest.php
index 194d591b..401690ff 100644
--- a/tests/HTMLPurifier/ConfigDefTest.php
+++ b/tests/HTMLPurifier/ConfigDefTest.php
@@ -231,6 +231,24 @@ class HTMLPurifier_ConfigDefTest extends UnitTestCase
         $this->swallowErrors();
         
         
+        // define a directive with bad characters
+        HTMLPurifier_ConfigDef::define(
+            'Core', 'Core.Attr', 10, 'int',
+            'No periods! >:-('
+        );
+        
+        $this->assertError('Directive name must be alphanumeric');
+        $this->assertNoErrors();
+        $this->swallowErrors();
+        
+        // define a namespace with bad characters
+        HTMLPurifier_ConfigDef::defineNamespace(
+            'Foobar&Gromit', $description
+        );
+        
+        $this->assertError('Namespace name must be alphanumeric');
+        $this->assertNoErrors();
+        $this->swallowErrors();
         
     }