diff --git a/app/Http/Controllers/InternalApiController.php b/app/Http/Controllers/InternalApiController.php
index c52e917d..18556fdc 100644
--- a/app/Http/Controllers/InternalApiController.php
+++ b/app/Http/Controllers/InternalApiController.php
@@ -45,7 +45,7 @@ class InternalApiController extends Controller
             'caption' => 'nullable|string',
             'media.*'   => 'required',
             'media.*.id' => 'required|integer|min:1',
-            'media.*.filter' => 'nullable|string|max:30',
+            'media.*.filter' => 'nullable|alpha_dash|max:30',
             'media.*.license' => 'nullable|string|max:80',
             'visibility' => 'required|string|in:public,private|min:2|max:10'
         ]);
diff --git a/app/Http/Controllers/StatusController.php b/app/Http/Controllers/StatusController.php
index 3031d73c..e6ae1647 100644
--- a/app/Http/Controllers/StatusController.php
+++ b/app/Http/Controllers/StatusController.php
@@ -112,7 +112,7 @@ class StatusController extends Controller
           'photo.*'      => 'required|mimetypes:' . config('pixelfed.media_types').'|max:' . config('pixelfed.max_photo_size'),
           'caption'      => 'nullable|string|max:'.config('pixelfed.max_caption_length'),
           'cw'           => 'nullable|string',
-          'filter_class' => 'nullable|string',
+          'filter_class' => 'nullable|alpha_dash|max:30',
           'filter_name'  => 'nullable|string',
           'visibility'   => 'required|string|min:5|max:10',
         ]);