Generally, it's a good rule to write your untaint routine based on what you're willing to pass rather than trying to guess all the chars that might be used against you...