Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.